Scribd
Upload
49 views

Chapter 10 Performance of Audit Work

The document discusses the use of computer-assisted audit techniques (CAATs) in auditing. It describes different types of CAATs like generalized audit software, utility software, test data, and application tracing. For each CAAT, it explains what steps auditors should take to properly execute and document the technique. The document also provides guidance on documenting CAATs procedures in audit workpapers and describing the use of CAATs in audit reports. It aims to help auditors understand how to appropriately perform and document their work when using CAATs.

Uploaded by

Steffany Roque
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
49 views

Chapter 10 Performance of Audit Work

The document discusses the use of computer-assisted audit techniques (CAATs) in auditing. It describes different types of CAATs like generalized audit software, utility software, test data, and application tracing. For each CAAT, it explains what steps auditors should take to properly execute and document the technique. The document also provides guidance on documenting CAATs procedures in audit workpapers and describing the use of CAATs in audit reports. It aims to help auditors understand how to appropriately perform and document their work when using CAATs.

Uploaded by

Steffany Roque
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

AUDITING IN A CIS ENVIRONMENT

CHAPTER 10
PERFORMANCE OF AUDIT WORK

Objective
1. Discuss the Generalized Audit Software
2. List the CAATs Documentation
3. Explain the Description of CAATs

Gathering Audit Evidence


The use of CAATs should be controlled by the IS auditor to provide
reasonable assurance that the audit objectives and the detailed specifications
of the CAATs have been met. The IS auditor should:
1. Perform a reconciliation of control totals if appropriate
2. Review output for reasonableness
3. Perform a review of the logic, parameters or other characteristics of the
CAATs
4. Review the organisation's general IS controls which may contribute to the
integrity of the CAATs (e.g., program change controls and access to system,
program, and/or data files)

Generalised Audit Software


When using generalised audit software to access the production data, the
IS auditor should take appropriate steps to protect the integrity of the
organisation's data. With embedded audit software, the IS auditor should be
involved in system design and the techniques will have to be developed and
maintained within the organisation's application programs/systems.

Utility Software
When using utility software, the IS auditor should confirm that no
unplanned interventions have taken place during processing and that the utility
software has been obtained from the appropriate system library. The IS auditor
should also take appropriate steps to protect the integrity of the organisation's
AUDITING IN A CIS ENVIRONMENT

system and files since these utilities can easily damage the system and its
files.

Test Data
When using test data, the IS auditor should be aware that test data only
point out the potential for erroneous processing; this technique does not
evaluate actual production data. The IS auditor also should be aware that test
data analysis can be extremely complex and time consuming, depending on
the number of transactions processed, the number of programs tested, and the
complexity of the programs/system. Before using test data the IS auditor
should verify that the test data will not permanently affect the live system.

Application Software Tracing and Mapping


When using application software tracing and mapping, the IS auditor
should confirm that the source code being evaluated generated the object
program currently being used in production. The IS auditor should be aware
that application software tracing and mapping only points out the potential for
erroneous processing; it does not evaluate actual production data.

Audit Expert Systems


When using audit expert systems, the IS auditor should be thoroughly
knowledgeable of the operations of the system to confirm that the decision
paths followed are appropriate to the given audit environment/situation.

CAATs Documentation
Workpapers
1. The step-by-step CAATs process should be sufficiently documented to
provide adequate audit evidence.
2. Specifically, the audit workpapers should contain sufficient
documentation to describe the CAATs application, including the details set out
in the following sections.

Planning
Documentation should include:
1. CAATs objectives
2. CAATs to be used
3. Controls to be exercised
4. Staffing and timing

Execution
Documentation should include:
1. CAATs preparation and testing procedures and controls
2. Details of the tests performed by the CAAT
3. Details of inputs (e.g., data used, file layouts), processing (e.g.,
CAATs high-level flowcharts, logic) and outputs (e.g., log files, reports)
4. Listing of relevant parameters or source code

Audit Evidence
Documentation should include:
AUDITING IN A CIS ENVIRONMENT

1. Output produced
2. Description of the audit analysis work performed on the output
3. Audit findings
4. Audit conclusions
5. Audit recommendations

Reporting
Description of CAATs
 The objectives, scope and methodology section of the report should
contain a clear description of the CAATs used. This description should not
be overly detailed, but it should provide a good overview for the reader.
 The description of the CAATs used should also be included in the body of
the report, where the specific finding relating to the use of the CAATs is
discussed.
 If the description of the CAATs used is applicable to several findings, or is
too detailed, it should be discussed briefly in the objectives, scope and
methodology section of the report and the reader referred to an appendix
with a more detailed description.

To have an idea about performance of audit work


https://youtu.be/4WL_o8812VI
Information about Audit procedures and evidence
https://youtu.be/1KAo8Y-k-jY
To have an idea how to use CAATs
https://youtu.be/VURuQqhdx7g

Reference:
Compilation of lecture
notes by Dean Bacay

You might also like