Professional Documents
Culture Documents
To illustrate how application controls are tested, this section describes five
computer-assisted audit tools and techniques (CAATTs) approaches: the test data
method, base case system evaluation, tracing, integrated test facility, and parallel
simulation.
Creating test data requires a complete set of valid and invalid transactions.
Incomplete test data may fail to explore critical branches of application logic and
error checking routines. Test transactions should be designed to test all possible input
errors, logical processes, and irregularities. Gaining knowledge of the application’s
internal logic sufficient to create meaningful test data may demand a large investment
in time. The efficiency of this task can, however, be improved through careful
planning during systems development. The auditor should save for future use the test
data used to test program modules during the implementation phase of the SDLC. If
the application has undergone no maintenance since its initial implementation, current
audit test results should equal the original test results obtained at implementation. If
the application has been modified, the auditor can create additional test data that focus
on the areas of the program changes.