Module 5

Computer Assisted Audit Techniques (CAATs)

CAATs

 Computer programs and data that the auditor uses as part of the audit procedures to process data of audit
significance

 It allows auditors to give access to data without dependence on the client, test the reliability of client software,
and perform audit tests more efficiently.

 Uses of CAATs: it may be used in performing various audit procedures like:

› Tests of details of transactions and balances (audit softwares for recalculating interests)

› Analytical procedures (identifying inconsistencies or fluctuations)

› Test of general controls

› Samping programs to extract data for audit testing

› Test of application controls (testing of a programmed controls)

› Reperforming calculations performed by the computer system

 Package Programs

 Purpose-written programs

 Utility Programs

 System Management Programs

Package Programs

 Generalized computer programs designed to perform data processing functions such as reading data, selecting
and analyzing information, performing calculations, creating data files and reporting in a format specified by the
auditor

Purpose Written Programs

 Perform audit tasks in specific circumstances

 May be developed by auditor, the entity being audited or an outside programmer hired by the auditor.

 The auditor may use the entity’s existing programs in their original or modified state because it may be more
efficient than developing independent programs

Utility Programs

 Used by an entity to perform common data processing functions, such as sorting, creating and printing files.

 These programs are generally not designed for audit purposes, and therefre may not contain features such as
authomatic records counts and control totals
System Management Programs

 Enhanced productivity tools that are typically part of a sophisticated operating systems environment

 Data retrieval software or code comparison software

 Like utility programs, these are also not designed for auditing

Considerations in the use of CAATs

 IT knowledge, expertise and experience of audit team

 Availability of CAATs and suitable computer facilities and data

 Impracticability of manual tests

 Effectiveness and efficiency

 Time constraints

IT Knowledge, expertise and experience of the audit team

 Auditing in a CIS environment deals with the level of skill and competence the audit team needs to conduct an
audit in CIS environment.

 It provides guidance when an auditor delegated work to assistants with CIS skills or when the auditor uses work
performed by other auditors or experts with such skills, specifically, the audit team should have sufficient
knowledge to plan, execute and use the results of the CAATs adopted

 The level of knowledge required depends on availability of CAATs and suitable computer facilities

Availability of CAATs and suitable computer facilities

 The auditor may plan to use other computer facilities when the use of CAATs on an entity’s computer is
uneconomical or impractical (incompatible facility and package programs)

 The auditor may elect to use their own facilities

 The cooperations of the entity’s personnel may be required to provide processing facilities at a convinient time,
to assist with activities

Impracticability of Manual Tests

 Some audit procedures may not be possible to perform manuallt because they rely on complex processing or
involve amounts of data that would overwhelm any manual procedure.

 Many CIS perform tasks for which no hard copy evidence is available and, therefore, it may be impracticabl for
the auditor to perform tests manually

Effectiveness and Efficiency

 CAATs are oftern an efficient means of testing a large number of transactions or cotrols oer large populations
by:

› Analyzing and selecting sample from a large volume of transactions

 › Applying analytical procedures

› Performing substantive procedures

 Matters relatin to efficiency that an auditor might consider includes:

› The time taken to plan, design, execute and evaluate CAAT

› Technical review and assistance hours

› Designing and printing of forms

› Availability of computer resources

Time Constraints

 Certain are often kept for a short time and may not be available in machine-readable form by the time auditor
wants them

 The auditor will need to make arrangements for the retention of data required, or may need to alter the timing of
the work that required such data

 When time available to perform an audit is limited, the auditor may plan to use CAAT because its use will meet
the auditor’s time requirement better than the possible procedures.

Major steps in the application of CAAT

1. Set the objective of CAAT application

2. Determine the content and accessibility of the entity’s files

3. Identify the specific files or databases to be examined

4. Understand the relationship between the data tables where a database is to be examined

5. Define the specific tests and related transactions and balances affected

6. Define the output requirements

7. Arrange with the user and IT departments, if appropriate, for copies of relevant files or database tales to be made at
the appropriate cut off date and time

8. Identify the personnel who may participate in the design and application of CAAT

9. Refine the estimates of costs and benefits

10. Ensure that the use of CAAT is properly controlled

11. Arrange the administrative activities, including the necessary skills and computer facilities

12. Reconcile data to be used for CAAT with the accounting and other records

13. Execute CAAT application

14. Evaluate the results

15. Document CAATs to be used including obejctives, high level flowcharts and run instructions
16. Assess the effect of changes to programs on the use of CAAT

Testing CAATs

 The auditor should obtain reasonable assurance of the integrity, reliability, usefulness and security of CAAT
through appropriate planning, design, testing, processing, and review of documentation. (should be done prior
to reliance upon CAAT)

 The nature, timing and extent of testing is dependent on the commercial availability and stability of CAAT

Controlling CAAT Application

 In establishing control, the auditor considers the need to:

› Approve specifications and conduct a review of the work to be performed by CAAT

› Review the entity’s general controls that may contribute to the integrity of CAAT

› Ensure appropriate intergration of the output by the auditor into the audit process

Procedures carried out by the auditor to control CAATs application

 Participating in the design and testing of CAAT

 Checking the coding of the program to ensure that it conforms with the detailed program specifications

 Asking the entity’s staff to review the operating system instructions to ensure that the software will run in the
entity’s computer installation

 Running the audit software on smal test files before running it on the main data files

 Checking whether the correct files were used

 Obtaining evidence that the audit sodtware functioned as planned

 Establishing appropriate security measures to safeguard the integrity and confidentiality of the data

Note: When the auditor intends to perform audit procedures concurrenlty with online processing, the auditor reviews
those procedures with appropriate client personnel and obtains approval before conducting the tests to help acoid the
inadverent corruption of client records. The presence of the auditor is not necessarily required at the computer facility
during the running of CAAT