CAAT

What is CAAT. Advantages. Briefly explain 4 typical test using CAATS. Explain 5 factors that
should be considered in using CAAT

Computer assisted audit techniques (CAATS) are commonly used during substantive testing to
determine the reliability of accounting controls and integrity of computerized accounting records.

Advantages of CAATs

CAATs allow the auditor to:

 Independently access the data stored on a computer system without dependence on the
client;
 Test the reliability of client software, i.e. the IT application controls (the results of which
can then be used to assess control risk and design further audit procedures);
 Increase the accuracy of audit tests; and
 Perform audit tests more efficiently, which in the long-term will result in a more cost-
effective audit.

Disadvantages of CAATs

 CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);
 Client permission and cooperation may be difficult to obtain;
 Potential incompatibility with the client's computer system;
 The audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required;
 The audit team may not have the knowledge or training needed to understand the results
of the CAATs; and
 Data may be corrupted or lost during the application of CAATs.

Functions:

 Extracting samples according to specified criteria, such as:

o Random;
o Over a certain amount;
o Below a certain amount;
o At certain dates.
 Calculating ratios and select indicators that fail to meet certain pre-defined criteria (i.e.
benchmarking);
 Check arithmetical accuracy (for example additions);
 Preparing reports (budget vs actual);
 Stratification of data (such as invoices by customer or age);
 Produce letters to send out to customers and suppliers; and
  Tracing transactions through the computerized system.

4 tests:

 Testing automated controls such as configuration parameters, or general IT controls such

as passwords - through the use of "one transaction" test per year for automated controls,
thereby substantially reducing the costs and time related to audits based on relatively
larger samples
 Testing the source data rather than printouts from the system which could be incorrect -
This will help you approach your sources more carefully and critically. It will tell
you more about the period in which they were written than about the period they
describe.
 Testing transactions and balance calculations, such as recalculating interest -
Recalculation can be performed through the use of information technology, for example,
by obtaining an electronic file from the entity and using CAATs to check the accuracy of
the summarization of the file.
 Identifying missing values in sequential data - Sometimes fraud is
detected through the identification of missing items or number revealed many gaps in
the sequence of the invoice numbers.

In determining whether to use CAATs, the factors to consider include:

 the IT knowledge, expertise and experience of the audit team; - ISA 401 "Auditing in a
Computer Information Systems Environment" deals with the level of skill and
competence the audit team needs to conduct an audit in an IT environment. The level of
knowledge required depends on the complexity and nature of the CAAT and of the
entity's information system.
 the availability of CAATs and suitable computer facilities and data; - The auditor may
plan to use other computer facilities when the use of CAATs on an entity's computer is
uneconomical or impractical, for example, because of an incompatibility between the
auditor's package program and the entity's computer. Additionally, the auditor may elect
to use their own facilities, such as PCs or laptops.
 the impracticability of manual tests; - Some audit procedures may not be possible to
perform manually because they rely on complex processing (for example, advanced
statistical analysis) or involve amounts of data that would overwhelm any manual
procedure.
 effectiveness and efficiency; and - The effectiveness and efficiency of auditing
procedures may be improved by using CAATs to obtain and evaluate audit evidence.
CAATs are often an efficient means of testing a large number of transactions or controls
over large populations by
 timing. - Certain data, such as transaction details, are often kept for only a short time, and
may not be available in machine-readable form by the time the auditor wants them. Thus,
the auditor will need to make arrangements for the retention of data required, or may
need to alter the timing of the work that requires such data.
ELECTRONIC DATA PROCESSING

Electronic data processing, also known as EDP, is a frequently used term for automatic information
processing. It uses the computers to manipulate, record, classification and to summarize data. If
someone asks what is electronic data processing, then EPD meaning can be described as the processing
of data using electronic means such as computers, calculators, servers and other similar electronic
equipment. A computer is the best example of an electronic data processing machine. Electronic data
processing is an accurate and rapid method of data processing.

 Time-sharing
 Real-time processing
 Online processing
 Multiprocessing
 Multitasking
 Interactive processing
 Batch processing
 Distributed processing

Benefits:

 The system of electronic data processing is once created then the cost of the managing
data will be reduced. Documents can be protected as an extreme data sensitive. Because
of the documents should be treated as a primary asset. When all the information is
collected by the papers are the challenging one.
 The management of document is costly. So, electronic data processing reduces the cost of
the paperwork. The electronic data processing provides the documentation controls. With
the help of electronic data processing, you can easily automate the PDF publishing
process.
 In electronic data processing, there is a facility to search a document in the system. It will
reduce the time loss. The electronic data processing has the benefit to improve the
internal and external collaboration. The electronic data processing helps to improve the
better submissions. The electronic data processing also fast up the complete structure to
make the generation of documents.
 The famous software product such as Ms. Office is using the electronic data processing
concept. The EDP has the facility to reduce the duplication of effort and repeated entries.
The EDP has the capability to make the decisions. An electronic data processing has the
ability to store the enormous amounts of data and this data can then be further utilised for
data presentation and analysis.

NEED FOR AUDITING

Financial Transparency
For a business to grow, financial transparency is of utmost importance. When you are aware of
the inflow and outflow of your business, it becomes easy for the companies to plan and take the
appropriate steps at ease. An audit is an investigation process dedicated to bringing financial
transparency to the organization for smooth functioning.
Detect Illegal Practices
The audit process is to scrutinize the company books, and thus, it keeps a close eye on the illegal
practices followed by the organization. It becomes essential to keep an eye on the practices
followed by the organization's employees so that confidential information doesn't get leaked.
Get a Better Financial Flow
Being a business owner, you should be clear regarding the segments through which your entity
earns revenue. Auditing helps to understand the pathways of income and expenses, which allows
you to analyze the core segments and invest in a planned manner.
Improves Business Credibility
Holding clean books of audit helps the business enhance credibility to a great extent. The
financial institutions have a better image audit your company by looking at the audit report, and
thus, taking credit becomes easy.
Protect the Interests of Shareholders
The audit report states the financial health of an organization, which is a must-know for the
investors. Having a better idea of the utilization of funds paves out new ways for finance to enter
into the organization.

DRAWBACKS OF AUDITING

 Auditing is Costly – Auditing can be a costly process that may require the
implementation of many different measures to ensure compliance. These measures could
include hiring an external auditing firm, or subcontracting specific areas and continually
monitoring their results. The costs associated with auditing could reach a point where it
might be not feasible to implement the process every often.
 Auditing requires experts – Auditing in general can be a very difficult process and
requires considerable knowledge and experience. Moreover, auditing for large companies
is both cost and time-intensive. Accounting firms tend to charge high prices because they
have access to unprotected client data. This is a huge problem because it means company
employees can use this information to commit fraud or theft in the workplace.
 Impossible to check all transactions – The key disadvantage of performing an audit is that
it is impossible to check all transactions that are taking place in the company. This makes
constant monitoring a challenge for audits in business settings.
 Unsuitable for small businesses – Auditing is a highly intensive process that requires
substantial time and resources. Most small businesses do not have the in-house expertise
or the resources to conduct audits. Instead, these companies should invest their efforts in
improving their processes and decision-making so that audits are unnecessary.
 Bribes and threats: It’s easy for an auditor to be tempted by bribes and other incentives
that can significantly raise the value of their audits. Similarly, threats posed to an auditor
can also impact an audit’s end result.

Fixed Audit Program

Standardized instructions that need to be followed by the auditor while conducting the audit. It includes
all possible audit procedures to be followed during the audit although all of them may not be applicable
in a situation. Its benefits include:
Saves time and cost: Fixed audit programs are prepared once and the program is used in all the
organizations. It saves time and cost because if the audit program is arranged once, a similar
program is used in all the organizations. So, it saves time and cost.
Works are completed within: All the works are accomplished within the determined time in
agreement with a fixed audit program because the auditor does not modify such a program on the
request of support staff. All the works are completed within the stipulated time because the
auditor does not change such program on the request of assistant staff.
Helps to make responsible: In a fixed audit program, the work of support is obviously defined
and fixes the accountability of support staff. The audit program fixes the responsibility of
assistant staff. So, they know their responsibility and complete their work in time which helps to
prepare and present a report on time.
Future Work: This Program works as a road map for the future years and the audit staff can
refer to this and appreciate the future course of action. It enhances the competence of the audit
assistants as they are very obvious about their duties. On completion of an audit, it serves the
purpose of audit record which may be useful for future reference.
Work Allocation: This program helps an auditor in the allocation of work among its team
members according to their skills and competency. It reduces the scope for misunderstanding
among team members regarding the performance of audit work.

The disadvantage of the fixed audit program is that it is very rigid and nothing is left to the
discretion of the audit team. Also, it is difficult to follow the same audit program even in the
same organization over the years, as the conditions in the organization are likely to change.

Types of Frauds:

Embezzlement of cash: Misappropriation means wrongful conversion or fraudulent

application of cash.

Embezzlement means any fraudulent application of another’s property by

any person to whom it has been entrusted.

Misappropriation or embezzlement may be committed by:

 Non recording of cash sales.

 Making false entries in account of customers.
 Showing payments against purchases never made.
 Non recording of credit notes for purchase return.
 Non recording of cash received against unusual sales.

1. Asset Misappropriation
This is perhaps the most common types of fraud that affect businesses. One of these types
includes taking cash before it even goes into the company’s system. Since it requires finding
evidence of something that hasn’t taken place, uncovering it can be very hard. It can take the
auditors days or even weeks to uncover this. The internal audit should, therefore, focus on
accounts receivables skimming, check tampering, payroll schemes, inventor schemes, and
inventory schemes. Another thing the auditor should focus on is the misuse of company assets.
2. Payroll Fraud
This type of fraud can manifest itself in a number of ways. An employee could lie about their
hours of service so as to get higher pay. Some may take an advance without expecting to pay it
back. According to studies, payroll fraud can significantly affect small businesses. An internal
auditor should do a background check while closely monitoring timesheets.
3. Third-Party Risk
Reliance on third-party vendors for essential business is also likely to lead to fraud. According to
the Ponemon Institute, up to 59% of companies have experienced data breaches. While dealing
with third-party vendors many businesses don’t know who gets access to their data after sharing
it with a third party.
4. Invoice Fraud Schemes
This is the type of fraud that takes place when the fraudster creates fake invoices to steal money
from the company. This could mean preparing invoices for services that were never offered or
products that were not delivered, creating a fake company or even awarding over-inflated
contacts to personal family and friends. To avoid this, the auditor should check every good and
service do a comprehensive background check to ensure there is no fraud.
5. Tax Fraud
Also known as tax evasion, tax fraud is a fraud that happens when a company’s earnings and
expenses are not reported the way they should be. This is to allow them take advantage of special
exemptions and lower tax brackets. The company should avoid over-reporting or under-reporting
its earnings. The internal auditor should ensure that tax is filled accurately and on time.
6. Technology Audits
Even when face-to-face interaction is not possible some auditors’ projects must go on. Internal
auditors should therefore use technology to conduct, meetings, and interviews. Although this
process has its ups and downs, it comes with several advantages. By focusing on technology,
internal auditors will be able to carry out all those audits without any issue.
7. Consumer fraud
This involves individuals targeted through bogus telemarketing, cons, ID thefts, and other
schemes. Whether it’s a business tax system or an organization’s system breach, consumer fraud
is now on the rise. Companies can also be victims of email phishing that involves sending
targeted disguised emails.
8. Insurance and Baking Fraud
Most companies provide workers compensation and health insurance to their workers. Sadly, a
number of employees are always trying to benefit from this by filling false claims thus resulting
in out of pocket expenses and high premiums for small businesses. To counter this, the internal
auditor should check all claims and submitted documents to ensure they are real.
9. Financial Statement Fraud
This fraud involves inflating numbers like revenues, sales, liabilities, and assets. This is normally
done to dupe investors and manipulate increases in bonuses and stock. Although this kind of
fraud is rare, it can significantly damage the business. The auditor should closely monitor
financial statements for inaccurate information or any inconsistencies.
10. Return Fraud
Many organizations have some form of refund and return that allows customers to send back
defective products that they could have bought. Some people may use this by lying about
purchases, stealing receipts or even using items and returning them before the return period
reaches. All receipts for returns should be checked. In case there is a refund to be given, give
credit.

Prevention and Detection of frauds:

1. Use a system of checks and balances to ensure no one person has control over all parts of
a financial transaction.
o Require purchases, payroll, and disbursements to be authorized by a designated
person.
o Separate handling (receipt and deposit) functions from record keeping functions
(recording transactions and reconciling accounts).
o Separate purchasing functions from payables functions.
o Ensure that the same person isn’t authorized to write and sign a check.
o When opening mail, endorse or stamp checks “For Deposit Only” and list checks
on a log before turning them over to the person responsible for depositing
receipts. Periodically reconcile the incoming check log against deposits.
o Require supervisors to approve employees’ time sheets before payroll is prepared.
o Require paychecks to be distributed by a person other than the one authorizing or
recording payroll transactions or preparing payroll checks.
o If the agency is so small that you can’t separate duties, require an independent
check of work being done, for example, by a board member.
o Require accounting department employees to take vacations.
2. Reconcile agency bank accounts every month.
o Require the reconciliation to be completed by an independent person who doesn’t
have bookkeeping responsibilities or check signing responsibilities or require
supervisory review of the reconciliation.
o Examine canceled checks to make sure vendors are recognized, expenditures are
related to agency business, signatures are by authorized signers, and endorsements
are appropriate.
o Examine bank statements and cancelled checks to make sure checks are not issued
out of sequence.
o Initial and date the bank statements or reconciliation report to document that a
review and reconciliation was performed and file the bank statements and
reconciliations.
3. Restrict use of agency credit cards and verify all charges made to credit cards or accounts
to ensure they were business-related.
o Limit the number of agency credit cards and users.
o Establish a policy that credit cards are for business use only; prohibit use of cards
for personal purposes with subsequent reimbursement.
o Set account limits with credit card companies or vendors.
o Inform employees of appropriate use of the cards and purchases that are not
allowed.
o Require employees to submit itemized, original receipts for all purchases.
o Examine credit card statements and corresponding receipts each month,
independently, to determine whether charges are appropriate and related to
agency business.
4. Provide Board of Directors oversight of agency operations and management.
o Monitor the agency's financial activity on a regular basis, comparing actual to
budgeted revenues and expenses.
o Require an explanation of any significant variations from budgeted amounts.
o Periodically review the check register or general ledger to determine whether
payroll taxes are paid promptly.
o Document approval of financial procedures and policies and major expenditures
in the board meeting minutes.
o Require independent auditors to present and explain the annual financial
statements to the Board of Directors and to provide management letters to the
Board.
o Evaluate the Executive Director's performance annually against a written job
description.
o Participate in the hiring/approval to hire consultants including the independent
auditors.
5. Prepare all fiscal policies and procedures in writing and obtain Board of Directors
approval. Include policies and/or procedures for the following:
o cash disbursements
o attendance and leave
o expense and travel reimbursements
o use of agency assets
o purchasing guidelines
o petty cash
o conflicts of interest
6. Ensure that agency assets such as vehicles, cell phones, equipment, and other agency
resources are used only for official business.
o Examine expense reports, credit card charges, and telephone bills periodically to
determine whether charges are appropriate and related to agency business.
o Maintain vehicle logs, listing the dates, times, mileage or odometer readings,
purpose of the trip, and name of the employee using the vehicle.
o Periodically review the logs to determine whether usage is appropriate and related
to agency business.
o Maintain an equipment list and periodically complete an equipment inventory.
7. Protect petty cash funds and other cash funds.
o Limit access to petty cash funds. Keep funds in a locked box or drawer and
restrict the number of employees who have access to the key.
o Require receipts for all petty cash disbursements with the date, amount received,
purpose or use for the funds, and name of the employee receiving the funds listed
on the receipt.
o Reconcile the petty cash fund before replenishing it.
o Limit the petty cash replenishment amount to a total that will require
replenishment at least monthly.
o Keep patient funds separate from petty cash funds.
8. Protect checks against fraudulent use.
o Prohibit writing checks payable to cash.
o Deface and retain voided checks.
 o Store blank checks in a locked drawer or cabinet, and limit access to the checks.
o Require that checks are to be signed only when all required information is entered
on them and the documents to support them (invoices, approval) are attached.
o Require two signatures on checks above a specified limit. Require board member
signature for the second signature above a higher specified limit. (Ensure that
blank checks are not pre-signed.)
o Mark invoices “Paid” with the check number when checks are issued.
o Enable hidden flags or audit trails on accounting software.
9. Protect cash and check collections.
o Ensure that all cash and checks received are promptly recorded and deposited in
the form originally received.
o Issue receipts for cash, using a pre-numbered receipt book.
o Conduct unannounced cash counts.
o Reconcile cash receipts daily with appropriate documentation (cash reports,
receipt books, mail tabulations, etc.)
o Centralize cash receipts whenever possible.
10. Avoid or discourage related party transactions.
o Require that a written conflict of interest and code of ethics policy is in place and
that it is updated annually.
o Require that related party transactions be disclosed and be approved by the Board.
o Require competitive bidding for major purchases and contracts.
o Discourage the hiring of relatives and business transactions with Board members
and employees.