Using CAATS to Support IS Audits - Copyright 2003...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
I NFORMATION S YSTEMS C ONTROL J OURNAL ,V OLUME 1, 2003 Copyright © 2003 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. CAAT refers to computer-assisted audit technique. This implies that an auditor’s use of a computer-assisted audit tech- nique is something special—normally the techniques used by an auditor are not computer assisted. Today, in most large and medium-sized enterprises, there are few business processes that are not driven by computers. The business does not refer to them as computer-assisted business processing. The use of computers and information technology for doing business is taken for granted, so why should auditors talk about some- thing special called CAAT? Performing audits without using information technology is hardly an option. When all the information needed for doing an audit is on computer systems, how can one carry out an audit without using the computer? While the audit world will likely grow out of using this terminology, for the purpose of this arti- cle, the term CAAT refers to the use of certain software that can be used by the auditor to perform audits and to achieve the goals of auditing. CAATs can be classified into four broad categories: • Data analysis software • Network security evaluation software/ utilities • OS and DBMS security evaluation software/utilities • Software and code testing tools Data Analysis Software Data analysis software is the most popular of the four and is loosely referred to as audit software. The generic products avail- able under this segment are termed as general purpose audit software, also known in some parts as GAS or generalized audit software. This software has the ability to extract data from com- monly used file formats and the tables of most database sys- tems. Thus, these systems can be used during the audits of almost any application on any technology platform. The audit software can perform a variety of queries and other analyses on the data. Some of the features are: data queries, data stratifica- tion, sample extractions, missing sequence identification, statis- tical analysis and calculations. This software also can perform operations after combining and joining files and tables. The list of features grows with each version of this software and a recent added feature is Benford analysis. Need for Audit Software Going back to the very basics, the IS audit methodology starts with risk analysis, which translates into, “What can go wrong?” The next step is to evaluate controls associated with the situation to mitigate risks, or, “What controls it?” The evalu- ation of controls goes into not only the design of the controls, but also their actual operation and compliance. Most observa- tions, interviews, scrutiny and compliance testing are to deter- mine whether controls exist, are designed well, are understood, operate effectively and are being complied with by the operat- ing personnel. At the end of this phase the IS auditor could have
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/29/2012 for the course INTERNATIO 101 taught by Professor Mr.johnnash during the Spring '11 term at Symbiosis International University.

Page1 / 3

Using CAATS to Support IS Audits - Copyright 2003...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online