AUDITING TOOLS

Sesi
Refresh !!
Objective, Risk & Controls
Information System Audit
• Focus on determining risks that are relevant to information assets, and in
assessing controls in order to reduce or mitigate these risks.
• May take the form of a "general control review" or an "application control
review". Regarding the protection of information assets, one purpose of an
IS audit is to review and evaluate an organization's information system's
availability, confidentiality, and integrity by answering questions like:
• Will the organization's computer systems be available for the business at all times
when required? (Availability)
• Will the information in the systems be disclosed only to authorized users?
(Confidentiality)
• Will the information provided by the system always be accurate, reliable, and timely?
(Integrity).
IT Controls in Organization
IT Controls in Organization
IT GENERAL CONTROL
• controls that are embedded within IT processes, provide a
reliable operating environment and support the effective
operation of application controls.
IT APPLICATION CONTROL
• Application controls refer to the transactions and data
relating to each computer-based application system and
are, therefore, specific to each such application.
IT Governance
• Governance ensures that enterprise objectives are
achieved by evaluating stakeholder needs, conditions and
options; setting direction through prioritization and
decision making; and monitoring performance,
compliance and progress against agreed-on direction and
objectives (EDM).
• Management plans, builds, runs and monitors activities
in alignment with the direction set by the governance
body to achieve the enterprise objectives (PBRM).
AUDITING TOOLS
Computer Assisted Audit Techniques
Computer Assisted Audit Techniques (CAATs) –
when the auditor uses specialized or audit software,
generally PC software, to assist in performing audit
procedures, such as executing substantive testing or
in some cases compliance testing.
Data Acquisition & Analysis
Data Acquisition
• Can client give us the data we request in PC ready format?
• Do the auditors have the skills to format the data request?
• If not in PC format, can the auditors convert the data into
PC format?

Data Analysis
• Do auditors have the skills to perform the required data
analysis?
General CAATs’ Functions
Examine records based on specified criteria
• Test calculations and make computations
• Compare data on separate files
• Select and print audit samples
• Summarize or re-sequence data and perform analysis
• Compare data obtained through other audit
procedures with client records
Leads Flow From Different Sources to One Database
Database
Relational Database
Ill Inventory Control
us • List old or slow-moving inventory items for possible write offs
tr • List large differences between the last physical inventory & the perpetual book

at inventory for further analysis & review of adjustments
io •
Test the numerical sequence of physical inventory count sheet numbers to
ns account for all numbers, whether used or not
-
E • List inventory items with negative balances for further analysis & follow up
x • Test the accuracy of reduction of inventory relied for cost of sales
p •
Calculate inventory turnovers by product & compare them to targets
e
n • Use the control flowcharting technique to review the overall business control
di context of the WIP computer processing application system. This technique is
tu similar to a normal flowchart, except that it will focus more on controls & control
points in a WIP flow in a manufacturing
re
 Production Control
• List production orders with no due date of production scheduling
and no delivery (shipping) date
• Compare production counts between production system records &
Ill cost accounting system records to ensure that costs are allocated
us based on correct production count
• Test the accuracy of accumulation of production costs
tr
ati Shipping
on • List customers orders that were shipped late by comparing order
due date on production records with shipped date on shipping
records.
• Identify items shipped but not billed, which is an indication of lapse
in procedures
 Fixed Assets
• List high dollar-value assets for physical inspection
• List asset additions & disposal for vouching to supporting
Ill documentation
us • List high dollar value maintenance expenses for possible

tr capitalization
• List fully depreciated assets
ati • Compare depreciation periods with guidelines provided by
on management & tax authorities for compliance, & list unusually
long or short depreciation periods
• List assets without any depreciation charges, which would
increase income
Other Auditing Tools

• Dumpsec
• Specific System Scripts or applications
• Idea