Jump to content

Computer-aided audit tools

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by GroupOne (talk | contribs) at 00:58, 4 June 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Data Analysis

Data analysis is the means by which the IS auditor determines the completeness and accuracy of an organization’s data. Auditors perform data analysis to determine where it is best to focus audit tests.

Along with manual audit procedures, the auditor can employ computer assisted auditing tools and techniques (CAATT’s) to perform data analysis throughout the audit engagement. Generalized Audit Software (GAS), also known as Data Analysis Software, is the most popular form of CAATT used in the data analysis process.

Data Analysis Process

Key steps within the data analysis process include:

  1. Scoping
    • The auditor determines audit objectives and identifies organizational systems containing potentially relevant data.
  2. Requesting Data from the Organization
    • In order to obtain sufficient, reliable, and relevant evidence to achieve their audit objectives, the auditor attempts to determine relevant data used to perform audit tests. The data is then requested from the organization’s IT department.
  3. Extracting Data
    • When data is extracted from an organization, the auditor must verify the integrity of the organization’s information system and IT environment from which the data is extracted.
  4. Data Importation
    • The auditor must determine the completeness and relevancy of data obtained by the organization.
  5. Data Profiling
    • The auditor performs relevancy checks on data. For example, checking an organization’s data to determine if there are any negative invoice amounts, debits don’t equal credits, or if there is omitted data.
  6. Data Analysis
    • The auditor analyzes the data to determine if sufficient evidence has been obtained to support their overall conclusions and findings of the audit.
  7. Reporting
    • The auditor must summarize the findings and then determine which type of audit report is most suitable to describe the outcome of the audit results. For example, an unqualified audit report vs. a qualified audit report.
  8. Documentation of Research Findings
    • The auditor must document their research findings in the forms of work papers, spreadsheets, flowcharts, and results of observations, to name a few. Audit documentation is essential to support the auditor’s findings and recommendations as stated in the audit report.


Computer Assisted Auditing Tools & Techniques (CAATTs)

CAATT’s allow auditors to utilize computers to complete detailed and analytical tests with little effort.

Benefits of audit software include:

  • They are independent of the system being audited and will use a read-only copy of the file to avoid any corruption of an organization’s data.
  • Many audit-specific routines are used such as sampling.
  • Provides documentation of each test performed in the software that can be used as documentation in the auditor’s work papers.


Data Analysis Software

The most popular form of CAATTs, data analysis software is used to extract data from commonly used file formats and the tables of most database systems. This audit software can perform a variety of queries and other analyses on an organization’s data.


Functions an auditor can perform using the software include:

  • Data queries.
  • Data stratification.
  • Sample extractions.
  • Missing sequence identification.
  • Statistical analysis.
  • Calculations.


The following are types of query and analysis tools used by auditors while performing data analysis.

  • Access – A database program that provides data selection, analysis, and reporting.
  • ACL & IDEA – General audit software that reads files from most formats and provides data selection, analysis, and reporting.
  • Excel – Spreadsheet software that provides analysis, calculation, graphing, and reporting.
  • CA-Examine – A programming language that provides data selection, analysis, and reporting. Additional programming languages include: CA-Easytrieve, Vbasic, C, C++, JAVA, SQL, Perl, SAS, and SPSS.


Data analysis programs use such techniques as:

  • Histograms – provides the auditor with a “snapshot” of the substance, makeup, and distribution of data within an organization’s accounting system.
  • Modeling – allows the auditor to determine the reasonableness of an organization’s data by comparing current data with a trend or pattern as established by evaluating data from previous years.
  • Comparative Analysis – Allows the auditor to compare sets of data to determine areas of audit interest.


Other CAATTs used for Data Analysis

In addition to using Data Analysis Software, the auditor utilizes CAATTs throughout the audit for the following activities while performing data analysis:


  • Creation of Electronic Work Papers

Keeping electronic work papers on a centralized audit file or database will allow the auditor to navigate through current and archived working papers with ease. The database will make it easier for auditors to coordinate current audits and ensure they consider findings from prior or related projects. Additionally, the auditor will be able to electronically standardize audit forms and formats, which can improve both the quality and consistency of the audit working papers.


  • Fraud Detection

CAATTs provides auditors with tools that can identify unexpected or unexplained patterns in data that may indicate fraud. Whether the CAATT is simple or complex, data analysis provides many benefits in the prevention and detection of fraud.

CAATTs can assist the auditor in detecting fraud by performing and creating the following, respectively:

  1. Analytical Tests &8211; evaluations of financial information made by studying plausible relationships among both financial and non-financial data to assess whether account balances appear reasonable (AU 329). Examples include ratio, trend, and Benford’s Law tests
  2. Data Analysis Reports – reports produced using specific audit commands such as filtering records and joining data files.


  • Continuous Monitoring

Continuous monitoring is an ongoing process for acquiring, analyzing, and reporting on business data to identify and respond to operational business risks. For auditors to ensure a comprehensive approach to acquire, analyze, and report on business data, they must make certain the organization continuously monitors user activity on all computer systems, business transactions and processes, and application controls.

Additionally, the auditor can install audit procedures into their audit software called imbedded audit routines, which can continuously capture and analyze an application’s processing results. The audit routines can capture transaction data, statistics, and continuously evaluate the organization’s computer system for processing errors. For example, evaluating whether fields that should only have alpha characters have no null data values and amount fields have no alpha characters.


  • Audit Reporting

Benefits to electronic audit reporting include:

  1. Automatically providing information about sections of audits, as they are completed, to the audit supervisor to update them with the ongoing status of all audit projects. Frequent status updates will allow the supervisor to focus on certain processes of the audit, which indicates problems and/or provide additional resources in areas falling behind schedule.
  2. Providing links to working papers, worksheets, graphs, or other information that will be automatically updated as data changes.
  3. Report files can be shared by audit team members and management, and can easily be distributed via e-mail, file transfer, or audit website. The auditor must ensure appropriate security, confidentiality, and access controls for such reports.


Web sites of selected audit software vendors

Retrieved from "https://en.wikipedia.org/w/index.php?title=Computer-aided_audit_tools&oldid=14667579"