Internal Audit: Efficiency Through Automation

Internal Audit: Efficiency Through Automation teaches state-of-the-art computer-aided audit techniques, with practical guidelines on how to get much needed data, overcome organizational roadblocks, build data analysis skills, as well as address Continuous Auditing issues. Chapter 1 CAATTs History, Chapter 2 Audit Technology, Chapter 3 Continuous Auditing, Chapter 4 CAATTs Benefits and Opportunities, Chapter 5 CAATTs for Broader Scoped Audits, Chapter 6 Data Access and Testing, Chapter 7 Developing CAATT Capabilities, Chapter 8 Challenges for Audit,

Table of Contents:
Case Studies xv Preface xvii Acknowledgments xxi CHAPTER 1 CAATTs History 1 The New Audit Environment 2 The Age of Information Technology 3 Decentralization of Technology 3 Absence of the Paper Trail 4 Do More with Less 4 Definition of CAATTs 5 Evolution of CAATTs 6 Audit Software Developments 7 Historical CAATTs 8 Test Decks 8 Integrated Test Facility (ITF) 9 System Control Audit Review File (SCARF) 9 Sample Audit Review File (SARF) 9 Sampling 10 Parallel Simulation 10 Reasonableness Tests and Exception Reporting 11 Traditional Approaches to Computer-Based Auditing 12 Systems-Based Approach 12 Data-Based Approach 15 Audit Management and Administrative Support 19 Roadblocks to CAATT Implementation 20 Summary and Conclusions 24 CHAPTER 2 Audit Technology 27 Audit Technology Continuum 27 Introductory Use of Technology 27 Moderate Use of Technology 28 Integral Use of Technology 29 Advanced Use of Technology 30 Getting There 31 General Software Useful for Auditors 32 Word Processing 32 Text Search and Retrieval 34 Reference Libraries 35 Spreadsheets 35 Presentation Software 37 Flowcharting 38 Antivirus and Firewall Software 39 Software Licensing Checkers 39 Specialized Audit Software Applications 40 Data Access, Analysis, Testing, and Reporting 40 Standardized Extractions and Reports 44 Information Downloaded from Mainframe Applications and/or Client Systems 45 Electronic Questionnaires and Audit Programs 48 Control Self-Assessment 49 Parallel Simulation 50 Electronic Working Papers 51 Data Warehouse 52 Data Mining 54 Software for Audit Management and Administration 56 Audit Universe 56 Audit Department Management Software 57 E-mail 57 File Transfer Protocol (FTP) 57 Intranet 59 Databases 60 Groupware 61 Electronic Document Management 61 Electronic Audit Reports and Methodologies 62 Audit Scheduling, Time Reporting, and Billing 63 Project Management 64 Extensible Business Reporting Language (XBRL) 64 Expert Systems 67 Audit Early-Warning Systems 68 Continuous Auditing 69 Continuous Auditing versus ContinuousMonitoring 72 Example of Continuous Auditing: Application to an Accounts Payable Department 74 Stages of Continuous Auditing 77 Continuous Auditing Template 79 Sarbanes-Oxley 80 Important SOX Sections 81 The Role and Responsibility of Internal Audit 83 Risk Factors 84 Detecting Fraud 85 Determining the Exposure to Fraud 86 SOX Software 88 Assessment of IT Controls and Risks 90 Defining the Scope 92 GAIT Principles 93 Governance, Risk Management, and Compliance (GRC) 94 Internal Audit’s Role in the GRC Process 97 Identifying and Assessing Management’s Risk Management Process 99 Assessment of Internal Control Processes 100 GRC Software 101 Summary and Conclusions 102 CHAPTER 3 CAATTs Benefits and Opportunities 103 The Inevitability of Using CAATTs 103 The New IM Environment 105 The New Audit Paradigm 105 Expected Benefits 108 Planning Phase—Benefits 109 Conduct Phase—Benefits 112 Data Analysis 112 Increased Coverage 112 Better Use of Auditor Resources 115 Improved Results 116 Reporting Phase—Benefits 116 Administration of the Audit Function—Benefits 117 Reduced Costs 119 Increased Performance 120 Increased Time for Critical Thinking 122 Recognizing Opportunities 124 Transfer of Audit Technology 126 Summary and Conclusions 127 CHAPTER 4 CAATTs for Broader-Scoped Audits 129 Integrated Use of CAATTs 129 Value-for-Money Auditing 134 Value-Added Auditing of Inventory Systems 134 Data Analysis in Support of Value-Added Inventory Auditing 135 Inventory Management Practices and Approaches 136 Possible Areas for Audit-Suggested Improvements 138 Audit and Reengineering 144 Audit and Benchmarking 148 Summary and Conclusions 152 CHAPTER 5 Data Access and Testing 153 Data Access Conditions 153 Mainframe versus Minicomputer versus Microcomputer 154 Portability of Programs and Data 154 Limitations to Using the Microcomputer 155 Processing Speeds 155 Single Tasking 156 Inability to Deal with Complex Data and File Structures 156 Client Facilities 157 Auditor’s Microcomputer-Based Facilities 158 Data Extraction and Analysis Issues 159 Accessing the Data 160 Data Storage Requirements 161 Analysis of Data 162 Risks of Relying on Data—Reliability Risk 163 Reliance on the Data 164 Knowledge of the System 165 Assessment of the Internal Controls 166 New Topology of Data Tests 167 Reducing Auditor-Induced Data Corruption 168 Potential Problems with the Use of CAATTs 169 Incorrect Identification of Audit Population 169 Improper Description of Data Requirements 171 Invalid Analyses 172 Failure to Recognize CAATT Opportunities 173 Summary and Conclusions 174 CHAPTER 6 Developing CAATT Capabilities 177 Professional Proficiency: Knowledge, Skills, and Disciplines 177 Computer Literacy: Minimal Auditor Skills 178 Ability to Use CAATTs 180 Understanding of the Data 181 Analytical Support and Advice 182 Communication of Results 184 Steps in Developing CAATT Capabilities 184 Understand the Organizational Environment/Assess the Organizational Culture 184 Obtain Management Commitment 185 Establish Deliverables 186 Set Up a Trial 186 Plan for Success 186 Track Costs and Benefits 187 Lessons Learned 187 Organize Working Groups 188 Computer Literacy Working Group 189 CAATT Working Groups 190 Information Systems Support to Audit 191 Assure Quality 195 Quality Assurance Methodology 196 Preventive Controls for CAATTs 197 Detective Controls for CAATTs 198 Corrective Controls for CAATTs 199 Quality Assurance Reviews and Reports 200 Summary and Conclusions 200 CHAPTER 7 Challenges for Audit 203 Survival of Audit 203 Audit as a Learning Organization 204 Knowledge Acquisition 204 Information Dissemination 205 Information Interpretation 205 Organizational Memory 205 New Paradigm for Audit 206 Computer-Assisted Audit Techniques 206 Computer-Aided Audit Thought Support 207 Auditor Empowerment 208 Access to Microcomputers and Computer Networks 209 Access to Audit Software—Meta-Languages 209 Universal Access to Data 210 Access to Education, Training, and Research 210 Skills Inventory 212 Needed versus Actual Skills 212 Required versus Actual Performance 215 Auditor Skills for Using CAATTs 216 IS Auditor Skills 216 Training Programs and Requirements 217 Conceptual Training 217 Technical Training 218 Training Options 218 In-house 218 Professional Associations 218 Educational Institutions 219 Computer-Based, Video-Based, and Web-Based Training 219 Summary and Conclusions 220 Appendices 223 APPENDIX A The Internet—An Audit Tool 225 The Internet 225 Connecting to the Internet 225 General Internet Uses 226 Useful Sites for Auditors 229 Examples of Audit-Related Internet Usage 230 APPENDIX B Information Support Analysis and Monitoring (ISAM) Section 231 APPENDIX C Information Management Concepts 235 APPENDIX D Audit Software Evaluation Criteria 241  General Capabilities 241  Reporting Capabilities 241  Graphics Capabilities 242  Mathematical Functions 242  File Manipulation Capabilities 242  Record Definition Capabilities 242  File Type Capabilities 242  Programming Capabilities 242  Support 243  Other Capabilities 243 References 245 Index 249