TUTORIAL FOR TOPIC 8

JUNE 2015
A(i) 2 importance of coordination when using CAATs to assess network security.

• Auditors could use highly sophisticated software to identify unexpected or unexplained

patterns in data that may indicate a possible fraudulent case. For example, software
may warn the user the existence of duplicate payments, long overdue outstanding amt
and many more.
• Auditors could use automated retrieval and analysis tools to access data and records
and to evaluate and analyze them based on the criteria set by them. Common audit
test in data analysis such as matching transactions, identifying duplicate transactions
could be handled by systems rather than done manually.

(ii) 3 advantages of using CAATs as information retrieval and analysis.

• CAATs are suitable to audit large volume of transactions. It is valuable to organizations

with complex processes, distributed operations and high transaction volumes. The use
of CAATs will help auditors scrutinize all business data and highlight any unusual
transactions.
• As businesses expand, most of the companies prefer the company data being kept
electronically rather than in printed form. Theregore, the use of CAATs is important for
auditors to gain access to audited data in a much efficient way. Direct access to an
organization’s data will eventually reduce the time and effort spent in performing audit
procedures with assured accuracy.
• Using CAATs in performing substantive testing will provide total assurance to the area
being audited. It allows auditors to point out errors or fraud easily in order to provide
effective recommendations. This will also increase the credibility of auditors in the eys
of the management.

B. 2 procedures in conducting the audit of SDLC.

• Phase 1: During this phase l, management will plan a system to meet the
organization’s mission and objectives. The plan will include general guidelines for
system development, time frame and budget. Severely documents will be generated
from this phase which consists of a long term plan, policies for selecting IT projects m,
both long term and short term IT budgets, a project proposal and a project schedule.
• Phase 2: during the september phase, a system analyst will gather the necessary
information such as facts and samples to be used in the projyfrom the end users. The
analyst will then review and analyze the input received and produce a system analysis
report.

C. Three issues that the IA need to consider on the integrity of information in e-

commerce.

• Knowledge of security exposures and control measures. IA should equip themselves

with the various security breach techniques for example hacking, spamming and virus
attacks. Inadequate network access control may increase the possibility of
unauthorized access by external parties into the company’s sensitive and confidential
data.
• Skills and experience in handling e-commerce security issues. The use of e-commerce
as part of a business operation has increased the function, scope and responsibilities
 of the IT department. IA need to equip themselves especially to better their skills and
knowledge of the latest developments in IT control procedures.
• Question and loss of transaction integrity. IA should focus on the adequacy of the
security control as stated in the IT policy and procedures as e-commerce transactions
does not include physical documentation.