Chapter 5

Computer-Assisted Audit Tools

and Techniques
LEARNING OBJECTIVES
After studying this chapter SWBAT:
Be familiar with the classes of transaction input
controls used by accounting applications.
Understand the objectives and techniques used
to implement processing controls
Understand the methods used to establish
effective output controls
Be familiar with the key features of the five
CAATTs

11/25/2022 EDP Audting Inst. Dr. Dagnu L

INTRODUCTION
CAATT: deals with the use of any
computerised tool or technique which
increases the efficiency and effectiveness of the
audit function.
CAATs may improve the effectiveness and
efficiency of auditing procedures. They
may also provide effective tests of control and
substantive procedures where there are no
input documents or a visible audit trail, or
where population and sample sizes are very
large.
11/25/2022 EDP Audting Inst. Dr. Dagnu L
5.0 APPLICATION CONTROLS

APPLICATION CONTROLS
Definition: are programmed procedures designed
to deal with potential exposures that threaten
specific applications, such as payroll, purchases, and
cash disbursements systems.
Broad categories:
1. Input controls,
2. Processing controls
3. Output controls.

11/25/2022 EDP Audting Inst. Dr. Dagnu L

Application Controls for Transaction Processing

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
Input controls are designed to ensure that
transactions are valid, accurate, and complete.
Data input procedures can be either
Source document-triggered (batch) or
Direct input (real time).
Source document input requires human involvement
and is prone to clerical errors.
Direct input employs real-time editing techniques to
identify and correct errors immediately, thus
significantly reducing the number of errors that
enter the system.
11/25/2022 EDP Audting Inst. Dr. Dagnu L
5.1 Input controls
Classes of Input Control
➢Source document controls
➢Data coding controls
➢Batch controls
➢Validation controls
➢Input error correction
➢Generalized data input systems

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
Source document controls
Control procedures over source documents
1. Using pre-numbered source documents
2. Using source documents in sequence
3. Auditing source documents periodically

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
 Data coding controls
 Are controls that checks the integrity of data codes during processing
 Three types of errors can corrupt data codes and cause processing errors:
a. Transcription errors
 Addition errors, extra digits inventory item number 83276 is recorded as
832766
 Truncation errors, digit removed the inventory item above would be recorded
as 8327.
 Substitution errors, digit replaced code number 83276 is recorded as 83266.
 Transposition errors
b. Single transposition: adjacent digits transposed (reversed) 83276 is recorded as
38276.
c. Multiple transposition: non-adjacent digits are transposed83276 is
recorded as 87236

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
Method For Detecting Data Coding Errors
Check Digits – is a control digit added to the code
when it is originally assigned to establish the
integrity of the code.
The digit can be located anywhere in the code:
suffix, prefix, or embedded.
This technique will detect only transcription errors.
Modulus 11 – is a popular method, which
recalculates the check digit during processing. The
use of check digits introduces storage and
processing inefficiencies and should be restricted to
essential data.

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
Batch controls
Batch controls are an effective method of
managing high volumes of transaction data
through a system. The objective of batch control
is to reconcile output produced by the system
with the input originally entered into the system.
This provides assurance that:
All records in the batch are processed.
No records are processed more than once.
An audit trail of transactions is created from
input through processing to the output stage
of the system.
11/25/2022 EDP Audting Inst. Dr. Dagnu L
5.1 Input controls
Validation Controls.
Input validation controls are intended to detect
errors in transaction data before the data are
processed.
Validation procedures are most effective
when they are performed as close to the source
of the transaction as possible.
The problem with this technique is that a
transaction may be partially processed before
data errors are detected.

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
There are three levels of input validation
controls:
1. Field interrogation
2. Record interrogation
3. File interrogation

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
Input Error Correction
 When errors are detected in a batch, they must be
corrected and the records resubmitted for
reprocessing.
This must be a controlled process to ensure that
errors are dealt with completely and correctly.
There are three common error handling techniques:
(1) correct immediately,
(2) create an error file, and
(3) reject the entire batch.

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.1 Input controls
Generalized Data Input Systems
 To achieve a high degree of control and
standardization over input validation
procedures, some organizations employ a
generalized data input system (GDIS).
This technique includes centralized
procedures to manage the data input for all
of the organization’s transaction processing
systems.
11/25/2022 EDP Audting Inst. Dr. Dagnu L
5.1 Input controls
A GDIS has five major components:
1. Generalized validation module
2.Validated data file
3. Error file
4. Error reports
5. Transaction log

11/25/2022 EDP Audting Inst. Dr. Dagnu L

5.2 Processing Controls
Processing controls are there to ensure that the
incoming data is processed according to established
rules for how particular data is to be processed
through the application. Process control systems are
devices that perform quality testing throughout a
production line.
categories:
I. Run-to-run controls,
II. Operator intervention controls,
III. Audit Trail Controls.
11/25/2022 EDP Audting Inst. Dr. Dagnu L
5.3 Output Controls
Output controls ensure that system output
is not lost, misdirected, or corrupted and
that privacy is not violated.
It focuses on measurable results
within an organization.
Output controls ensure that computer
programs process these transactions
accurately and produce the results we
expect to see.
11/25/2022 EDP Audting Inst. Dr. Dagnu L
5.4 CAATs AND TECHNIQUES
FOR TESTING CONTROLS
Five CAATT approaches:
The test data method: is based on auditors'
creation of input data that should be processed
by client's application. Test data consist of correct
and incorrect data. If incorrect data is entered into
the system, auditor expects the input rejection.
base case system evaluation: is a special case of
test data that requires an all-inclusive set of test
data in order to test every possible data and
processing condition. This method is time-
consuming and expensive and best developed by
an internal audit staff.

11/25/2022 EDP Audting Inst. Dr. Dagnu L

Five CAATT approaches…ctd
 Tracing: A distributed tracing tool enables you to track user
requests across multiple servers and services in a
microservice architecture. It gives you a central overview of
how user requests are performing in different services.
 Integrated test facility: creates a fictitious entity in a database to
process test transactions simultaneously with live input. on-
going technique that enables the auditor to test an application’s
logic and controls during its normal operation
 Parallel simulation: Here, the auditor processes real client data
on an audit program similar to some aspect of the client's
program. The auditor compares the results of this processing
with the results of the processing done by the client's program.

11/25/2022 EDP Audting Inst. Dr. Dagnu L

 END OF CHAPTER 5
THANK YOU FOR YOUR ATTENTION!!

11/25/2022 EDP Audting Inst. Dr. Dagnu L