Skip to main content

Internal Audit: Efficiency Through Automation

Internal Audit: Efficiency Through Automation

David Coderre

ISBN: 978-1-119-20354-4

Oct 2015

272 pages

Description

Internal Audit: Efficiency Through Automation teaches state-of-the-art computer-aided audit techniques, with practical guidelines on how to get much needed data, overcome organizational roadblocks, build data analysis skills, as well as address Continuous Auditing issues. Chapter 1 CAATTs History, Chapter 2 Audit Technology, Chapter 3 Continuous Auditing, Chapter 4 CAATTs Benefits and Opportunities, Chapter 5 CAATTs for Broader Scoped Audits, Chapter 6 Data Access and Testing, Chapter 7 Developing CAATT Capabilities, Chapter 8 Challenges for Audit,

Case Studies xv

Preface xvii

Acknowledgments xxi

CHAPTER 1 CAATTs History 1

The New Audit Environment 2

The Age of Information Technology 3

Decentralization of Technology 3

Absence of the Paper Trail 4

Do More with Less 4

Definition of CAATTs 5

Evolution of CAATTs 6

Audit Software Developments 7

Historical CAATTs 8

Test Decks 8

Integrated Test Facility (ITF) 9

System Control Audit Review File (SCARF) 9

Sample Audit Review File (SARF) 9

Sampling 10

Parallel Simulation 10

Reasonableness Tests and Exception Reporting 11

Traditional Approaches to Computer-Based Auditing 12

Systems-Based Approach 12

Data-Based Approach 15

Audit Management and Administrative Support 19

Roadblocks to CAATT Implementation 20

Summary and Conclusions 24

CHAPTER 2 Audit Technology 27

Audit Technology Continuum 27

Introductory Use of Technology 27

Moderate Use of Technology 28

Integral Use of Technology 29

Advanced Use of Technology 30

Getting There 31

General Software Useful for Auditors 32

Word Processing 32

Text Search and Retrieval 34

Reference Libraries 35

Spreadsheets 35

Presentation Software 37

Flowcharting 38

Antivirus and Firewall Software 39

Software Licensing Checkers 39

Specialized Audit Software Applications 40

Data Access, Analysis, Testing, and Reporting 40

Standardized Extractions and Reports 44

Information Downloaded from Mainframe Applications and/or Client Systems 45

Electronic Questionnaires and Audit Programs 48

Control Self-Assessment 49

Parallel Simulation 50

Electronic Working Papers 51

Data Warehouse 52

Data Mining 54

Software for Audit Management and Administration 56

Audit Universe 56

Audit Department Management Software 57

E-mail 57

File Transfer Protocol (FTP) 57

Intranet 59

Databases 60

Groupware 61

Electronic Document Management 61

Electronic Audit Reports and Methodologies 62

Audit Scheduling, Time Reporting, and Billing 63

Project Management 64

Extensible Business Reporting Language (XBRL) 64

Expert Systems 67

Audit Early-Warning Systems 68

Continuous Auditing 69

Continuous Auditing versus ContinuousMonitoring 72

Example of Continuous Auditing: Application to an Accounts Payable Department 74

Stages of Continuous Auditing 77

Continuous Auditing Template 79

Sarbanes-Oxley 80

Important SOX Sections 81

The Role and Responsibility of Internal Audit 83

Risk Factors 84

Detecting Fraud 85

Determining the Exposure to Fraud 86

SOX Software 88

Assessment of IT Controls and Risks 90

Defining the Scope 92

GAIT Principles 93

Governance, Risk Management, and Compliance (GRC) 94

Internal Audit’s Role in the GRC Process 97

Identifying and Assessing Management’s Risk Management Process 99

Assessment of Internal Control Processes 100

GRC Software 101

Summary and Conclusions 102

CHAPTER 3 CAATTs Benefits and Opportunities 103

The Inevitability of Using CAATTs 103

The New IM Environment 105

The New Audit Paradigm 105

Expected Benefits 108

Planning Phase—Benefits 109

Conduct Phase—Benefits 112

Data Analysis 112

Increased Coverage 112

Better Use of Auditor Resources 115

Improved Results 116

Reporting Phase—Benefits 116

Administration of the Audit Function—Benefits 117

Reduced Costs 119

Increased Performance 120

Increased Time for Critical Thinking 122

Recognizing Opportunities 124

Transfer of Audit Technology 126

Summary and Conclusions 127

CHAPTER 4 CAATTs for Broader-Scoped Audits 129

Integrated Use of CAATTs 129

Value-for-Money Auditing 134

Value-Added Auditing of Inventory Systems 134

Data Analysis in Support of Value-Added Inventory Auditing 135

Inventory Management Practices and Approaches 136

Possible Areas for Audit-Suggested Improvements 138

Audit and Reengineering 144

Audit and Benchmarking 148

Summary and Conclusions 152

CHAPTER 5 Data Access and Testing 153

Data Access Conditions 153

Mainframe versus Minicomputer versus Microcomputer 154

Portability of Programs and Data 154

Limitations to Using the Microcomputer 155

Processing Speeds 155

Single Tasking 156

Inability to Deal with Complex Data and File Structures 156

Client Facilities 157

Auditor’s Microcomputer-Based Facilities 158

Data Extraction and Analysis Issues 159

Accessing the Data 160

Data Storage Requirements 161

Analysis of Data 162

Risks of Relying on Data—Reliability Risk 163

Reliance on the Data 164

Knowledge of the System 165

Assessment of the Internal Controls 166

New Topology of Data Tests 167

Reducing Auditor-Induced Data Corruption 168

Potential Problems with the Use of CAATTs 169

Incorrect Identification of Audit Population 169

Improper Description of Data Requirements 171

Invalid Analyses 172

Failure to Recognize CAATT Opportunities 173

Summary and Conclusions 174

CHAPTER 6 Developing CAATT Capabilities 177

Professional Proficiency: Knowledge, Skills, and Disciplines 177

Computer Literacy: Minimal Auditor Skills 178

Ability to Use CAATTs 180

Understanding of the Data 181

Analytical Support and Advice 182

Communication of Results 184

Steps in Developing CAATT Capabilities 184

Understand the Organizational Environment/Assess the Organizational Culture 184

Obtain Management Commitment 185

Establish Deliverables 186

Set Up a Trial 186

Plan for Success 186

Track Costs and Benefits 187

Lessons Learned 187

Organize Working Groups 188

Computer Literacy Working Group 189

CAATT Working Groups 190

Information Systems Support to Audit 191

Assure Quality 195

Quality Assurance Methodology 196

Preventive Controls for CAATTs 197

Detective Controls for CAATTs 198

Corrective Controls for CAATTs 199

Quality Assurance Reviews and Reports 200

Summary and Conclusions 200

CHAPTER 7 Challenges for Audit 203

Survival of Audit 203

Audit as a Learning Organization 204

Knowledge Acquisition 204

Information Dissemination 205

Information Interpretation 205

Organizational Memory 205

New Paradigm for Audit 206

Computer-Assisted Audit Techniques 206

Computer-Aided Audit Thought Support 207

Auditor Empowerment 208

Access to Microcomputers and Computer Networks 209

Access to Audit Software—Meta-Languages 209

Universal Access to Data 210

Access to Education, Training, and Research 210

Skills Inventory 212

Needed versus Actual Skills 212

Required versus Actual Performance 215

Auditor Skills for Using CAATTs 216

IS Auditor Skills 216

Training Programs and Requirements 217

Conceptual Training 217

Technical Training 218

Training Options 218

In-house 218

Professional Associations 218

Educational Institutions 219

Computer-Based, Video-Based, and Web-Based Training 219

Summary and Conclusions 220

Appendices 223

APPENDIX A The Internet—An Audit Tool 225

The Internet 225

Connecting to the Internet 225

General Internet Uses 226

Useful Sites for Auditors 229

Examples of Audit-Related Internet Usage 230

APPENDIX B Information Support Analysis and Monitoring (ISAM) Section 231

APPENDIX C Information Management Concepts 235

APPENDIX D Audit Software Evaluation Criteria 241

 General Capabilities 241

 Reporting Capabilities 241

 Graphics Capabilities 242

 Mathematical Functions 242

 File Manipulation Capabilities 242

 Record Definition Capabilities 242

 File Type Capabilities 242

 Programming Capabilities 242

 Support 243

 Other Capabilities 243

References 245

Index 249