Computer assisted audit techniques (CAATs)

There are two broad categories of CAAT:

1. Audit software; and
2. Test data.

Audit software

Audit software is used to interrogate a client's system. It can be either packaged, off-the-shelf software or it can be purpose written to work on a client's system. The main advantage of these programs is that they can be used to scrutinise large volumes of data, which it would be inefficient to do manually. The programs can then present the results so that they can be investigated further.

Specific procedures they can perform include:

• Extracting samples according to specified criteria, such as:
  • Random;
  • Over a certain amount;
  • Below a certain amount;
  • At certain dates.
• Calculating ratios and select indicators that fail to meet certain pre-defined criteria (i.e. benchmarking);
• Check arithmetical accuracy (for example additions);
• Preparing reports (budget vs actual);
• Stratification of data (such as invoices by customer or age);
• Produce letters to send out to customers and suppliers; and
• Tracing transactions through the computerised system.

These procedures can simplify the auditor's task by selecting samples for testing, identifying risk areas and by performing certain substantive procedures. The software does not, however, replace the need for the auditor's own procedures.

Test data

Test data involves the auditor submitting 'dummy' data into the client's system to ensure that the system correctly processes it and that it prevents or detects and corrects misstatements. The objective of this is to test the operation of application controls within the system.

To be successful test data should include both data with errors built into it and data without errors. Examples of errors include:

• codes that do not exist, e.g. customer, supplier and employee;
• transactions above pre-determined limits, e.g. salaries above contracted amounts, credit above limits agreed with customer;
• invoices with arithmetical errors; and
• submitting data with incorrect batch control totals.

Data maybe processed during a normal operational cycle ('live' test data) or during a special run at a point in time outside the normal operational cycle ('dead' test data). Both has their advantages and disadvantages:

• Live tests could interfere with the operation of the system or corrupt master files/standing data;
• Dead testing avoids this scenario but only gives assurance that the system works when not operating live. This may not be reflective of the strains the system is put under in normal conditions.

Advantages of CAATs

CAATs allow the auditor to:

• Independently access the data stored on a computer system without dependence on the client;
• Test the reliability of client software, i.e. the IT application controls (the results of which can then be used to assess control risk and design further audit procedures);
• Increase the accuracy of audit tests; and
• Perform audit tests more efficiently, which in the long-term will result in a more cost effective audit.

Disadvantages of CAATs

• CAATs can be expensive and time consuming to set up, the software must either be purchased or designed (in which case specialist IT staff will be needed);
• Client permission and cooperation may be difficult to obtain;
• Potential incompatibility with the client's computer system;
• The audit team may not have sufficient IT skills and knowledge to create the complex data extracts and programming required;
• The audit team may not have the knowledge or training needed to understand the results of the CAATs; and
• Data may be corrupted or lost during the application of CAATs.

Other techniques

There are other forms of CAAT that are becoming increasingly common as computer technology develops, although the cost and sophistication involved currently limits their use to the larger accountancy firms with greater resources. These include:

Integrated test facilities - this involves the creation of dummy ledgers and records to which test data can be sent. This enables more frequent and efficient test data procedures to be performed live and the information can simply be ignored by the client when printing out their internal records; and

Embedded audit software - this requires a purpose written audit program to be embedded into the client's accounting system. The program will be designed to perform certain tasks (similar to audit software) with the advantage that it can be turned on and off at the auditor's wish throughout the accounting year. This will allow the auditor to gather information on certain transactions (perhaps material ones) for later testing and will also identify peculiarities that require attention during the final audit.

Rating :	Ratings & Comments  (Click the stars to rate the page)

Tags:	CAATs;audit software;test data;IT audit software