Slide 1ObjectivesBenefits of Audit AutomationUse of software toolsAudit productivity toolsCAATsApplication TestingSamplingData AnalysisOther CATTSComputer ForensicsComputer Forensics: ChallengesCase: Holt Valley Hospital ServicesCHAPTER 4: AUDITING INFORMATION TECHNOLOGY USING COMPUTER-ASSISTED AUDIT TOOLS AND TECHNIQUESMBAD 7090Fall, 20081IS Security, Audit, and Control (Dr. Zhao)OBJECTIVESAudit Productivity ToolsComputer-Assisted Audit Techniques (CAATs)Computer Forensics Methods and TechniquesFall, 20082IS Security, Audit, and Control (Dr. Zhao)BENEFITS OF AUDIT AUTOMATIONIncrease audit productivity and coverageProvide responsiveness to the changeEnhance service quality by having a standard set of audit tools and proceduresBetter knowledge managementFall, 20083IS Security, Audit, and Control (Dr. Zhao)Risk AssessmentAudit ScheduleAudit ProgramAudit TestsAnalysisAudit ResultsReportingBudgetUSE OF SOFTWARE TOOLSTwo categoriesAudit productivity tools: automate the audit function and integrate information gatheredComputer-assisted audit tools (CAATs): tools for substantive audit tests such as data and control evaluationAppropriate use and application of CAATTs relies on appropriate training, sharing of experiences, and supervision.Fall, 20084IS Security, Audit, and Control (Dr. Zhao)AUDIT PRODUCTIVITY TOOLSPlanning and tracking audit activitiesSpreadsheets or project management toolsDocumentation and presentationsWord, PowerPoint, flowcharting, etc.CommunicationsData managementA central knowledge base, a central repository of historical dataGroupwareFor distributed workforcesInformation sharing & individual customizationDocument-oriented databasesExample: Lotus NotesFall, 20085IS Security, Audit, and Control (Dr. Zhao)CAATSValidate the processTest for the existence and execution of computer controls at all levelsGather information and data from production cyclesSupport audit findingsGather evidenceExamples:Audit Command Language (ACL)Interactive Data Extraction and Analysis (IDEA)Fall, 20086IS Security, Audit, and Control (Dr. Zhao)APPLICATION TESTINGSubmit a set of test data that will produce known resultsBoth valid and invalid transactionsParallel simulationA copy of original programReperform the logic of the applicationCould partially duplicate the application logic to test key functionsContinuous monitoringExtract anomalies in real timeFall, 20087IS Security, Audit, and Control (Dr. Zhao)SAMPLINGJudgmental samplingSelect the sample based on the auditor’s experienceItem of audit interestsSpecify criteria based on amount, time, region, etc.Statistical samplingRandom selectionRepresentative of the populationVarious methodsRandom number samplingsCluster samplingFall, 20088IS Security, Audit, and Control (Dr. Zhao)DATA ANALYSISGoal: using computers to compare and summarize dataHistogramGraphical representationIdentify relationships among dataModelingIdentify trends or patterns for evaluating reasonablenessComparative analysisCompare same data at different time periodsFall, 20089IS Security, Audit, and Control (Dr. Zhao)OTHER CATTSTransaction tagging:Follow a selected transaction through the entire application (e.g., Trace function)SnapshotExamine selected variablesCheck the value before and after a certain processIntegrated test facilityCreate a fictitious entity, such as a customer, within the context of the regular applicationProcess test transaction together with live inputsFall, 200810IS Security, Audit, and Control (Dr. Zhao)COMPUTER FORENSICSComputer criminals become more advanced right along with the technologyFast developing fieldA few rules:Never work on the original evidenceEstablish and maintain a continuing chain of custodyDocument everythingFall, 200811IS Security, Audit, and Control (Dr. Zhao)COMPUTER FORENSICS: CHALLENGESAdvancement of encryptionMaintaining credible certifications and industry standardsMore standards need to be developedHiding dataVarious data storage mediaChange file extensionRequires high degree of patience and perseveranceA videoFall, 200812IS Security, Audit, and Control (Dr. Zhao)CASE: HOLT VALLEY HOSPITAL SERVICESHolt Valley Hospital Services, Inc., is a large health care services company that acquired W. Wilson Hospital, an acute-acre hospital, this past year. This is a large facility with a typically long collection cycle for its patients’ accounts receivable. During the annual audit, the “Big Four” auditors supplied a year-end aged accounts receivable trial balance to the internal audit staff. Now, three month later, the internal audit team needs to determine subsequent collections on 22,567 patient accounts.Q1: What is the audit objective?Q2: Discuss functions in which use of a computer would be helpful to the auditors in meeting that objectives.Fall, 200813IS Security, Audit, and Control (Dr.
View Full Document