Audit Software

1
Audit Software

• Chapter 16

2
Introduction

• Various types of software can be used to assist
  auditors in evidence collection.
• Some can be purchased off the shelf.
• IDEA Interactive Data Extraction and Analysis
• ACL for Windows (Audit Command Language)
• Others must be developed specifically to address
  audit needs.

3
IDEA

• This versatile tool is useful for any type of
  file interrogation and offers users the benefits
  of this and other functionality
• document the analysis plan and progress in a
  To-do List
• import data from a wide range of file types
• create custom views of the data and create
  reports
• perform analyses of data including calculation
  of comprehensive statistics, gap detection,
  detection of duplicates, summaries, and aging
• conduct exception tests of unusual or
  inconsistent items using simple or complex
  criteria. IDEA has more than 80 built-in
  functions for arithmetic, text, and date
  criteria, including many new financial functions

4
IDEA

• perform calculations
• select samples using systematic, random,
  attribute or monetary unit techniques
• match or compare different files
• create pivot tables for multi-dimensional
  analysis
• generate automatically a complete History
  documenting the analysis
• record or create macros with a customizable VBA
  compatible scripting tool, IDEAScript

5
IDEA
6
Generalized Audit Software

• A major tool that auditors can use to collect
  evidence on the quality of application systems
• Provides a means to gain access to and
  manipulate data maintained on computer storage
  media
• Developed to allow auditors to
• Undertake their evidence collection work in a
  variety of hardware/software environments
• Develop an audit capability quickly
• Maintain the technical knowledge auditors need to
  be able to retrieve data from and manipulate data
  in computer based information systems

7
Generalized Audit Software

• Motivations for generalized audit software (GAS)
• Functional capabilities of GAS
• Audit tasks that can be accomplished using GAS
• Accessing data with GAS
• Managing a GAS application

8
Functional Capabilities of GAS

• File access
• File reorganization
• Selection
• Arithmetic
• Stratification and frequency analysis
• File creation and updating
• Reporting

• Data coding, record formats and data structures
• Sorting and merging
• GT, LT And Or QBE
• Sampling selection / evaluation
• Classify into categories and cross-tab
• Create and update work files based on clients
  production
• Editing and formatting output

9
ACL Menus

• There are eight ACL menus
• File Lists options for managing documents and
  log files, as well as quitting ACL. It also
  displays up to the last eight documents with
  which you worked.
• Edit Lists options for editing the various
  components of the ACL document, as well as
  accessing preference settings.
• Data Lists ACL commands that create data as
  output.
• Analyze Lists ACL commands that produce
  information as output.
• Sampling Lists options for sampling data.
• Tools Lists miscellaneous ACL commands, including
  batch commands and customizing the toolbar.
• Window Lists options for arranging, opening and
  displaying windows as well as setting fonts for
  each window.
• Help Lists options for displaying the ACL Help,
  Contacting ACL and About ACL windows.

10
ACL Commands
DEFINE RELATION DEFINE REPORT DELETE and DELETE
HISTORY DIALOG DISPLAY DO BATCH DO REPORT
DUMP DUPLICATES ELSE
ACCEPT ACTIVATE AGE ASSIGN CALCULATE CLASSIFY
CLOSE COMMENT COUNT DEFINE FIELD
SAMPLE SAVE SEARCH SEEK SEQUENCE SET
SIZE SORT STATISTICS STRATIFY
SUMMARIZE TOP TOTAL VERIFY
11
ACL Commands
END EVALUATE EXPORT EXTRACT FILE HISTORY
FIND GAPS GROUP HELP HISTOGRAM IF
INDEX
JOIN LIST LOCATE LOOP MERGE OPEN PAUSE
PROFILE QUIT RANDOM RENAME REPORT
12
Audit Tasks That Can be Accomplished Using GAS

• Examine the existence, accuracy, completeness,
  consistency, and timeliness of data maintained on
  computer storage media of the data
• Examine the quality of processes embedded within
  and application system
• Examine the existence of the entities the data
  purports to represent by facilitating the
  physical observation and counting of these
  entities via statistical sampling
• Undertake analytical review to monitor key audit
  indicatorssuch as trends in working capital
  ratios over time

13
Functional Limitations of GAS

• Evidence collection is not always timely because
  it can be used to gather evidence on the state of
  application systems only some time after data has
  been processed
• It can perform only limited tests to verify the
  authenticity, accuracy, and completeness of
  processing logic
• It can be used to only a limited way to determine
  the propensity of an application system to make
  errors

14
Accessing data on another machine

• There are several ways auditors can transfer data
  from the other machine to the machine on which
  the generalized audit software package resides
• File written to a cartridge, zip disk, tape or
  diskette that can be read by the auditors
  computer
• Data transferred through a modem or other
  communication device
• Downloaded from a LAN, WAN, Virtual Private
  network, etc using FTP or other protocols

15
Accessing Data with GAS
Tape
Lan
Modem
16
Managing a GAS Application

• GAS applications must be managed properly like
  the development and implementation of any piece
  of software. The following phases should be
  managed carefully
• Feasibility analysis and planning
• Application design
• Coding and testing
• Operations, evaluation and documentation of
  results obtained from the GAS application

17
Industry Specific Audit software

• Industry-specific audit software is audit
  software that has been designed to provide a
  high-level commands that invoke common audit
  functions needed within a particular industry
• It may run only on a limited set of
  hardware/software platforms.
• Moreover it may have been developed to access
  data maintained by a specific application package
  that is widely used within the industry

18
Industry Specific Software

• Loan arrears audit
• Interest audit
• Term deposit audit
• Member ledger balances audit
• Member ledger transactions audit
• Member biographical data

• Dormancy audit
• Incompatible duties audit
• Legislative compliance audit

19
High-Level Languages

• Auditors might sometimes use high level languages
  such as fourth generation programming languages
  and statistical software to gain access to data
  and manipulate it.
• SQL, QBE, SPSS, SAS

• Includes most function of GAS
• Sometimes more user friendly
• More powerful statistical functions
• Better support from IT staff
• Widespread deployment of microcomputers, windows
  and internet contributes to increased use.

20
Utility software

• Software that performs fairly specific functions
  that are needed frequently, often by a large
  number of users, during the operation of computer
  systems.
• Go to http//download.cnet.com/
• Utilities Antivirus, Security, Software Updates,
  Most Popular...
• Reasons for using utilities
• programs exist for specific security or integrity
  related functionsvirus checking
• formatting and downloading data winzip
• to do functions not included in GAS disk
  recovery, defragmentation or scanning
• more effective and efficient than GAS
• test and develop GAS programs

21
Utility Software

• Facilitate assessing security and integrity
• Facilitate system understanding
• Facilitate assessing data quality
• Facilitate program development
• Facilitate assessing operational efficiency

22
Utilities for Security and Integrity

• Virus scanner
• Damaged disk recovery
• Unerase
• Undo format
• Software inventory manager
• Static security analyzer
• Dynamic security analyzer

• Dial up access risk analyzer
• Access control analyzer
• Invalid social insurance number

23
Utilities for Facilitate Systems Understanding

• Configuration analyzer
• Flowcharter
• Hierarchy charter
• Execution path mapper
• Cross-reference lister
• Data structure charter
• Transaction profile analyzer
• Text manager/ Help system

24
Utilities to Facilitate Assessing Data Quality

• Find file
• Query facility
• Rule validation
• Data structure conversion
• Pointer validation utility
• Data manipulation utilities
• Dump/Lister
• Data comparison utility

25
Utilities to Facilitate Assessing Program Quality

• Test data generator
• Trace
• Online debugging facility
• Execution path monitor
• Output analyzer
• Network simulator
• Terminal simulator
• Concurrent monitor
• Source/object code comparison
• Change tracker

Access 2000
26
Utility Software to Facilitate Program Development

• Shorthand preprocessor
• Macro
• Decision-table preprocessor
• Library copy
• Tidy
• Report generators
• Language subset facility
• Code optimizer
• Volume test facility

Visual Studio Enterprise Tools
27
Visual Studio 6.0 Tools
28
Visual Basic 6.0 Tools
Add-Ins
Tools
Designers
29
Utility Software to Facilitate Assessing
Operational Efficiency

• Central processing utilization
• Real memory
• Secondary storage
• Channel utilization
• Communications line
• Peripheral
• Task rates
• Response times
• Queue Lengths

• Input Output buffer
• I/O concurrency
• Direct access seek times
• Paging rates/thrashing
• Frequency of checkpoints and restarts
• Storage media
• Effects of changes in memory allocations

30
Expert Systems

• Motivations for using expert systems
• share knowledge
• helps keep up with changing technologies
• increasing consensus
• Components of an expert system
• knowledge base / inference engine / tutorial
  component / knowledge acquisition component
• Types of audit expert systems
• risk analysis/ internal control evaluation /
  audit program planning / technical advice

31
Neural Network Software

• Function like neurons in the brain
• Major uses
• Pattern recognition
• Classification purposes
• Trained by presenting cases
• Adjust internal weights between components

32
Specialized Audit Software

• Reasons for developing specialized audit software
• unavailability of alternative software
• functional limitations of alternates
• efficiency considerations
• increased understanding of systems
• opportunity for easy implementation
• increased auditor independence and respect
• Development and implementation of specialized
  audit software

33
Other Audit Software

• Simulation of internal control
• Questionnaire generation
• Description of internal control
• Represent complex relationships

34
Control Over Audit Software

• Evaluate level of control over the software
• Integrity violations
• Run-to-run controls