It is very helpful for a CPA to use Computer-Assisted Audit Techniques (CAATs) when auditing a negotiation. CAATs may correct the energy and competency of auditing proceedings. They may to-boot stipulate potent standard standards of regulates and corporeal proceedings where there are no input muniments or a discernible audit transcript, or where population and case are very big. The meaning of this Assertion is to stipulate regulate on the use of CAATs. It applies to all uses of CAATs involving a computer of any sign or bulk.
Description of Computer Assisted Audit Techniques (CAATs)
CAATs are computer programs and grounds the attraction uses as bisect of the audit proceedings to mode the grounds of audit appreciation contained in an existence's advice arrangements. The grounds may be negotiation grounds, on which the attraction wishes to enact standards of regulates or corporeal proceedings, or they may be other kinds of grounds. For stance, details of the contact of some unconcealed regulates may be in the constitute of passage or other files by contacts that are not bisect of the accounting arrangement. The attraction can use CAATs to re-examination those files to compel attraction of the existence and agency of those regulates.
Considerations in the use of CAATs
The IT Knowledge, Expertise and Experience of the Audit Team
According to PSA 401 "Auditing in a Computer Advice Systems Environment" deals delay the roll of expertness and adequacy the audit team wants to pass an audit in an IT environment.
The audit team should own competent cognizance to delineation, enact and use the results of the bisecticular CAAT adopted. The roll of cognizance required depends on the perplexity and kind of the CAAT and of the existence's advice arrangement.
The Availability of CAATs and Suitpotent Computer Facilities and Data
The attraction may delineation to use the other computer facilities when the use of CAATs on an existence's computer is uneconomical or impractical.
Impracticability of Manual Test
Some audit proceeding may not be feasible to enact manually accordingly they depend on envelopd modeing or envelop sums of grounds that would dip any manual proceeding. In conjunction, abundant computer advice arrangements enact jobs for which no distressing delineation attraction is beneficial and hence, it may be unuspotent for the attraction to enact standards manually.
Effectiveness and Efficiency
The energy and competency of auditing proceedings may be correctd by using CAATs to conciliate and evaluate audit attraction.
Certain grounds, such as negotiation details, are repeatedly kept for barely a scanty age, and may not be beneficial in machine-readpotent constitute by the age the attraction wants them. Thus, the attraction conciliate want to find arrangements for the appropriation of grounds required, or may want to change the timing of the fulfilance that requires such grounds.
The elder steps to be beneathtaken by the attraction in the contact of a CAAT are to:
a. Set the extrinsic of the CAAT contact
b. Mention the gratified and admittanceibility
c. Establish the local files or groundsbase to be examined
d. Comprehend the relationship between the grounds tables where a groundsbase is to be examined
e. Define the local standards or proceedings and afavor negotiations and balances seeked
f. Define the output requirements
g. Arrange delay the user and IT departments, if misapply, for copies of the after a whilehold files or groundsbase tables to be made at the misapply cutoff epoch and age
h. Establish the specialnel who may bisecticipate in the delineation and contact of the CAAT
i. Refine the estimates of absorbs and benefits
j. Secure that the use of CAATs is uprightly inferior and munimented
k. Arrange the professional activities, including the needful expertnesss and computer facilities
l. Reconcile grounds to be used for the CAAT delay the accounting proceedingss
m. Enact the CAAT contact; and
n. Evaluate the results.
Using CAATs in Mean Existence IT Environment
Great argument on standards of details of negotiations and balances and analytic re-examination proceedings, which may acception the energy of real CAATs, bisecticularly audit software.
Where meaner volumes of grounds are modeed, manual modes may be more absorb potent. A mean existence may not be potent to stipulate comprehensive technical reckonenance to the attraction, making the use of CAATs unusable. Real audit lot or unconcealedized audit software may not chattels mean computers, thus restricting the attraction's precious of CAATs.
Computer-Assisted Audit Techniques (CAATs)
Audit Productivity Software
Are implements used by attractions that arrange their productivity by automating the auditing exercise and refer the sum of age they exhaust on other professional jobs. These implements conceive electronic fulfilanceing Nursing Dissertation, groupware, agreement treatment, regard libraries and muniment treatment.
Generalized Audit Software Tool
Is the implement use by the attractions to automate opposed audit job. Delineation to learn, mode and transcribe grounds delay the aid of exercises enacting local audit routines and delay self-made macros.
Testing Computer Contact Controls
Two Unconcealed Approaches – Black box (environing the computer) access
- White box (through the computer) access
Black box access
Auditors do not upright depend on a constructive cognizance of the contact's inside logic. Instead, they strive to comprehend the exerciseal characteristics of the contact by analyzing flowcharts and interviewing cognizancepotent specialnel in the client's construction.
White box access
Relies on an in-depth cognizance of the inside logic of the contact existence standarded.
COMMON TYPES OF TESTS OF CONTROLS
Authenticity standards – which realize that an separate, a programmed proceeding, or a message attempting to admittance a arrangement is accepted.
Accuracy standards – which secure that the arrangement modees barely grounds appraises that conconstitute to certain tolerances.
Completeness standards – establish detriment grounds delayin a solitary proceedings and total proceedingss detriment from a conspire.
Redundancy standards – mention that an contact modees each proceedings barely unintermittently.
Access standards – which secure that the contact thwarts attested users from unattested admittance to grounds.
Audit transcript standards – which secure that the contact creates an comprehensive audit transcript.
Rounding falsity standards – realize the truthfulness of rounding proceedings.
Computer-Aided Audit Tools and Techniques for Testing
a. Standard grounds mode – is used to symmetrical contact honor by modeing chiefly apt sets of input grounds through evolution contacts that are beneath re-examination.
b. Integrated standard ease access is an automated technique that strengthens the attraction to standard an contact's logic and regulates during its usual agency.
c. Parallel hypocrisy – requires the attraction to transcribe a program that simulates key features or modees of the contact beneath re-examination.
Continuous Auditing Techniques
Binary obstruct – mention whether a regulate is fulfilanceing potently. Stance is the register reckon.
Outlier – is a numerical appraise that is indicatively opposed than one susceptibility anticipate.
Trends – anatomy software to establish trends.
Electronic Commerce−Effect on the Audit of Financial Statements
The meaning of this Philippine Auditing Practice Assertion is to impart regulate to support attractions of financial assertions where an existence engages in interchangeable ardor that takes assign by media of afavor computers aggravate a openly-known network. The meaning of the attraction's compensation is not to find an conviction or stipulate consulting services in-reference-to the existence's e-commerce arrangements.
The internet refers to the universewide netperformance of computer networks that is nowadays very helpful to the openly-known. It is a shared openly-known netperformance that strengthens message delay other entities and separates environing the universe making the universe meaner for everybody. There is some expose that is inevitpotent when using openly-known netperformance that the attraction must comprehend.
Skills and Knowledge
It is indicative that the attraction has the expertnesss and cognizance to enact the audit. He is to-boot under obligation to secure that the IT specialnel is helpful to own negotiation cognizance to enact the audit. They must comprehend the what to seek the financial assertions favor the existence's administration and activities, technology applied and exposes that can seek the negotiation.
Knowledge of the Business
The attraction must achieve cognizance of the negotiation ample to enpotent the attraction to establish and beneathstand the results, negotiations, and practices that may own a indicative chattels on the financial assertions or on the audit repute. Cognizance of the negotiation conceives a unconcealed cognizance of the administration and the perseverance delayin which the existence chattelss. The enlargement of the e-commerce may own a big chattels on the existence's transmitted negotiation environment.
It is inevitpotent for a treatment to aspect exposes touching to the negotiation activities of the gang favor; missing of negotiation honor; pervasive e-commerce assurance expose; arrangement availability expose; missing of advice privacy; imjust accounting policies; insubordination delay taxation and other lawful regulatory requirements; aggravate assurance on e-commerce when placing indicative negotiation arrangements; and arrangements and infrastructure failures or crashes.
Internal Regulate Considerations
Internal regulates can be used to diminish abundant of the exposes associated delay e-commerce activities. In accordance delay PSA 400, "Risk Assessments and Inside Control," the attraction compliments the regulate environment and regulate proceedings the existence has applied to its e-commerce activities to the degree they are after a whilehold to the financial assertion assertions. As well-mannered-mannered as addressing assurance, negotiation honor, and mode alignment.
The Chattels of Electronic Registers on Audit Evidence
Electronic proceedingss of attraction can be amply destroyed or changeed and there may not be any just proceedingss for negotiation negotiation. The attraction accounts whether the existence's assurance of advice policies, and assurance regulates as implemented are competent to thwart unattested changes to the accounting arrangement or proceedingss. The attraction may standard automated regulates to obstruct the proceedings honor, digital signatures, electronic epoch stamps and the favors. Depending on his impost whether to enact conjunctional proceedings or not.
IT Expose and Controls
1. Identifying IT Expose – It is indicative to establish exposes to your IT arrangements and grounds, to refer or guide those exposes, and to clear a counter-argument delineation in the result of an IT emergency. IT exposes conceive:
Hardware and software failure- favor authority missing or grounds corruption
Malware – intolerant software delineationed to disrupt computer agency
Viruses – computer command that can delineation itself and disseminate from one computer to another, repeatedly disrupting computer agencys
Spam, scan and phishing – unsolicited email that strives to machination mass into revealing separate details or buying delusive goods
Human Falsity – inexact grounds modeing, defective grounds division, or surroundings hole of rotten email attachments.
Identifying IT Controls
They are local activities enacted by a special or arrangement that own been delineationed to thwart or descry the event of a expose that could browbeat your advice technology infrastructure and cherished negotiation contacts. The two generic categories of IT regulates are; unconcealed regulates and contact regulates. Examples of unconcealed regulates are solid password device and encryption of sensitive devices. Stance of contact regulate is abnormity descryion arrangement.
Documenting IT Controls
When munimenting IT regulates, it should conceive a bisecticular style of the bisecticular regulates standarded, the mode used to standard the regulates, the number of ages each regulate conciliate be standarded, the arrangement used to cull the individuals separated, register of the individual separated, register of any malcontent, their causes and implications, and any qualification or changes to our administration resulting from our standards.
Monitoring IT Risks and Controls
Is the mode for tracking pinpointed exposes, instructoring redundancy exposes, establishing fresh exposes, portray expose counter-argument delineations and evaluating their energy throughout the plan existence cycle. It is very indicative not barely for the attractions but to-boot for the treatment concertedly delay the IT regulateler to instructor the exposes and regulates that conciliate be applied to refer the feasible advenient remainder that can damage the negotiation.