What is computer auditing?
The use of Computer-Assisted Audit Tools (CAATs) to audit through and around computer systems by testing the controls, integrity, and security of IT environments.
This process ensures the reliability of information systems that generate financial data.
What are CAATs or GAS?
- Computer-Assisted Audit Tools
- Generalised Audit Software (e.g., IDEA, ACL, MindBridge)
These tools are used to test large electronic datasets for accuracy, completeness, and validity.
What is the main purpose of computer auditing?
To ensure the reliability of information systems that generate financial data by evaluating general and application controls.
This involves assessing the integrity and security of IT environments.
What are the two types of CAATs?
- Generalised Audit Software (GAS) – e.g., IDEA
- Test Data or Parallel Simulation – auditors run dummy data or recreate client processing.
These types help in different aspects of auditing processes.
What are the five key general IT controls?
- Access control
- Change management
- Backup & recovery
- Segregation of duties
- Audit trail logs
These controls are essential for maintaining the integrity of IT systems.
What ISA standards relate to computer auditing?
- ISA (NZ) 315 (understanding IT systems)
- ISA (NZ) 330 (response to risks)
- ISA (NZ) 500 (audit evidence)
- ISA (NZ) 240 (fraud risk)
These standards guide auditors in evaluating IT systems and risks.
What risks arise when auditing in a computerized environment?
- Unauthorised access
- Data corruption
- Lack of audit trail
- System failure
- Overreliance on automation
These risks can compromise the integrity of the audit process.
What is the difference between auditing around and through the computer?
- Around: tests inputs/outputs only
- Through: tests internal system logic using CAATs
This distinction is crucial for understanding the depth of the audit.
Example of a CAAT procedure for sales?
- Re-calculate total sales
- Test invoice sequence for completeness
- Identify duplicate invoices
These procedures help ensure the accuracy of sales data.
Four CAAT Tests for Inventory Accuracy
- Recalculation test: Multiply quantity × unit cost for all items
- Sequence check: Test inventory item numbers or batch codes to identify missing or duplicated records.
- Exception report: Identify negative quantities or items with no recent movement (possible obsolescence).
- Reconciliation: Match system records to physical count data to verify completeness and accuracy.
Risks when using CAATs
- Data integrity risk
- Security risk - Who has Access
- Technical competence
