Transcript Risk Based Audit Approach - Comptroller and Auditor

EDP Audit
Presentation By:
R.T.I. JAIPUR
Session 8.1
1
The Era of Computers
Greatest achievement of scientific &
technological development.
Increased application of computers and IT
in accounting operations.
Session 8.1
2
Significant Trends
Development of IT based networks largely
powered by the development of Internet,
Intranet, Telecom and network computers.
More efficient information storage.
Emergence of object oriented tools for system
development.
Transactions are processed and received
electronically.
Session 8.1
3
Significant Trends
Expert and Automated Management systems.
Growth of mobile PC’s.
Development of new and improved security
measures.
Session 8.1
4
Characteristics of an EDP
environment
Organizational structure
Absence of Input documents
Lack of visible Audit trail
Lack of visible output
Easy access to data and programs
Consistent performance
Programmed controls
Session 8.1
5
Computer frauds
Financial frauds
Property frauds
Information theft
Theft of services
Vandalism of equipment
Destruction of records
Session 8.1
6
Internal controls
General EDP controls
EDP application controls
Session 8.1
7
Auditing in EDP Environment
When auditing under EDP system, auditors are
not supposed to change audit objectives or
auditing scopes set by auditing programs but are
supposed to analyze the impact on auditing
caused by IT and adopt some new auditing
methodology.
Session 8.1
8
Auditing in EDP Environment
The change of the Auditees.
Changed nature of wrongdoings and frauds.
For example:– Permitting people to deal with economic and accounting
affairs anonymously.
– Allowing modification of accounting data without authorization
or modification of accounting data without documentation of
the modification.
– Allowing unauthorized visitors.
– Hiding or carrying out some invisible operations.
Session 8.1
9
Auditing in EDP Environment
Changes of Auditing evidence.
Changes of working papers.
Session 8.1
10
Audit risks in EDP Environment
Visible Audit Clues may disappear naturally.
– In manual accounting system, every step in
accounting circle is verified by paper recording and
concerned signatures leaving visible and clear audit
clues.
– In IT environment paper information is altered into
magnetic codes therefore traditional audit evidence
no longer exists.
Session 8.1
11
Audit risks in EDP Environment
Electronic accounting data are liable to be
misused, distorted or lost.
– In manual accounting system, paper information can
be easily identified and sourced.
Lack of original journals.
Lack of Original evidence.
Session 8.1
12
Audit risks in EDP Environment
Great variety of accounting software & security
protocols make auditing more difficult.
Risks on Internal Controls.
– In manual accounting, internal control stressed staff
controlling. Employee responsibility system are
clearly defined while in IT environment, Internal
controls consist of both staff and computer
management, with the latter drawing more attention.
Session 8.1
13
Audit risks in EDP Environment
Abnormal accounting errors become possible.
Risks in Audit Process.
– Version updating.
– Difficult to trace historic data.
Session 8.1
14
Preventive Methods
Reforming Audit Techniques and Methodology.
Uses of CAATs
Improving Preliminary and Follow up Audit on IT
System.
Session 8.1
15
Preventive Methods
Strengthening Audit on Internal Controls and
urging Audited Entities to establish and improve
the Internal Control System in EDP Environment.
Enhancing the training of Auditors.
Speeding up the development of Software.
Session 8.1
16
Uses of CAATs



Tests of details of transactions and balances;
Analytical review procedures
Compliance tests of EDP controls
Session 8.1
17
Considerations in the use of CAATs
Computer Knowledge, Expertise and
Experience of the Auditor
Availability of CAATs and Suitable Computer
Facilities
Timing
Documentation
Session 8.1
18
Types of CAATs
CAATs used to validate processes in programs
Program review
Code comparison
Parallel simulation
Test data
The Trace
Session 8.1
19
. CAATs used to analyse data files
File interrogation software
Generalised audit software
Industry specific interrogation software
SCARF
Session 8.1
20
Summary
 Reforming audit techniques and methodology,
 Improving preliminary and follow up audit on IT
System,
 Establishing a unified audit data channel,
Strengthening audit on internal controls and urging
audited entities to establish and improve the internal
control system in IT Environment,
 Enhancing the training of auditors; and
 Speeding up the development of audit software.
Session 8.1
21
IDEA
Session 8.1
22
IDEA- Introduction
Interactive Data Extraction and Analysis
A comprehensive CAAT
Developed by Office of Auditor General of
Canada
Helpful for Auditors, Financial Managers,
Investigators and Accountants
Session 8.1
23
IDEA- Introduction…
display, analyse, manipulate, sample or extract
from data files from almost any source mainframe to PC, including reports printed to a
file
Lower audit cost, enhance the quality to work
and take on new roles by putting the power of
IDEA
Session 8.1
24
Functions of IDEA
Import data from wide range of file types
Perform analysis of data including
comprehensive statistics, profiles, summaries
and ageing
Conducts extensive tests with 70 functions
Perform calculations
Tests for gap in sequence or duplicate data
Session 8.1
25
Functions of IDEA….
Sampling : Random, Systematic, Monetary
Match or compare different files
Session 8.1
26
Downloading the Data
5 stages
–
–
–
–
–
Planning
Requesting the Data
Performing the Transfer
Importing the Data
Checking the Data
Session 8.1
27
Downloading the Data
Planning: discussion with user and IT staff
– File formats of different types
• Excel, Access, dBASE, Lotus etc
• ODBC (Oracle, SQL etc)
• ASCII files (American standard code for information
interchange)
Session 8.1
28
USE of IDEA
Import
Import almost any file type from almost any
source, using IDEA's Import Assistant to
guide you. For more complex files, variable
length records or multiple record types, IDEA
provides a companion product, Record
Definition Editor (RDE). RDE can also be
used to modify record definitions created and
saved by the Import Assistant.
Session 8.1
29
USE of IDEA
Extract
Extractions, or exception testing, is the most frequently used
function in IDEA, used to identify items which satisfy a specific
characteristic, such as payments more than Rs10,000 or
transactions before a given date. The extraction criteria are
entered using the Equation Editor and all records satisfying the
specified criterion are output to a new database. You can perform
a single extraction on a database, or up to 50 separate
extractions with a single pass through the database.
Session 8.1
30
USE of IDEA
Indexed Extraction allows you to limit the
scope of data for which IDEA searches in the
database. An indexed extraction saves time
when reviewing large databases. You can select
and index for the search, rather than have IDEA
search through the entire database.
Session 8.1
31
USE of IDEA
@Functions
@Functions are used to perform more complex
calculations and exception testing. IDEA
provides over 60 functions which can be used for
date arithmetic, text manipulation and
conversion and numerical, financial and
statistical calculations. IDEA functions begin with
the '@' symbol, very similar in style and
operation to functions found in Microsoft Excel.
Session 8.1
32
USE of IDEA
Append
The Append Databases option is used to append or
concatenate two or more files into a single database for
audit testing. For example, you may append 12 monthly
payroll files to produce a database of all payroll
transactions for the year. The database could then be
summarized by Employee to produce year-to-date
gross, net, tax, deductions, etc. Up to 32,768 files can
be appended into a single database.
Session 8.1
33
USE of IDEA
Gaps
You can search a file for gaps in numeric or date
sequence, or alphanumeric sequences with a user
defined mask. For date gaps, you can choose to ignore
weekends or user specified holidays. Like many other
IDEA functions, you can apply criteria before your
search, e.g. look for gaps in check numbers, where the
check amount is greater than Rs1,000. You can also
modify the increment – look for gaps in multiples of 10,
for instance.
Session 8.1
34
USE of IDEA
Sort
The Sort option is used to create a new
database physically sorted in the specified order.
Sorting can significantly improve performance of
certain functions
Session 8.1
35
USE of IDEA
Chart
The Chart Data option can be used to graph data files
or test results, in bar, stacking bar, pie, plot or area
charts. The Charting Assistant will guide you through
the steps for creating a chart. Chart options include
titles, 3D effects, legends, colors and patterns, and grid
styles. Charts can be printed, saved to as a Bitmap file
or copied into any other windows application via the
clipboard.
Session 8.1
36
USE of IDEA
Stratification
Numeric Stratification, Character Stratification
and Date Stratification are powerful tools used to
total the number and value of records within
specified bands. Examples of use include
analyzing items by postal code or alphanumeric
product code or fixed assets by date of
acquisition.
Session 8.1
37
USE of IDEA
Summarization
The Quick Summarization function is used to
accumulate the values of numeric fields for each unique
key where there is a single field in the key. The Key
Field Summarization function is used where there is a
one or more fields in the key. Summarization results can
be graphed and users can drill down on each unique
key.
Session 8.1
38
USE of IDEA
Sampling
IDEA offers four sampling methods together with the ability to calculate sample
sizes based on parameters entered and evaluate the results of sampling tests.
The sampling methods available are systematic (e.g. every 1000th record),
random (number of items chosen purely at random), stratified random (a
specified number of items selected randomly from within range bands), and
monetary unit (e.g. every 1000th Rs or other monetary unit).IDEA also
provides an Attribute Planning and Evaluation option which can be used to
calculate sample sizes, confidence levels, error limits and number of sample
errors. These calculations are used to plan and then evaluate the results of the
samples.
Session 8.1
39
USE of IDEA
Satisfy financial statement
– Accuracy – checking totals and calculations
Analytical Review – comparisons, profiling,
stratifying
Validity – duplicates, exceptions, statistical samples
Completeness – gaps and matches
Cut-off – date and number sequence analysis
Valuation –inventory provisions
Session 8.1
40
Thank You
Session 8.1
41