COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUE CHAPTER 7
APPLICATION CONTROLS •
•
Application controls are programme proce!res proce!res esigne to eal "it# potential e$pos!res t#at t#reaten speci%c applications& s!c# as pa'roll& p!rc#ases& an cas# is(!rsements s'stems) Application controls *all into t#ree t #ree (roa categories+ inp!t controls& processing controls& controls& an o!tp!t controls
Input Controls •
•
IC are esigne to ens!re t#at t#ese transactions are ,ali& acc!rate& an complete) Data inp!t proce!res can (e eit#er so!rce oc!ment-triggere .(atc#/ or irect inp!t .real time/
Classes o* Inp!t Control •
•
•
•
•
•
So!rce oc!ment controls Data coing controls 0atc# controls 1aliation controls Inp!t error correction 2enerali3e ata inp!t s'stems
1.Source Document Controls •
•
•
Use Pre-numbered Source Documents. Use Source Documents in Sequence Periodically Audit Source Documents
2. Data Coding Controls •
•
Coing controls are c#ec4s on t#e integrit' o* ata coes !se in processing T#ree t'pes o* errors can corr!pt ata coes an ca!se processing errors+ –
transcription errors& •
•
•
–
–
Aition Tr!ncation s!(stit!tion
single transposition errors& an m!ltiple transposition errors
Ho" to etect coing errors •
a control igit .or Check Digits igits/ ae to t#e coe "#en it is originall' assigne t#at allo"s t#e integrit' o* t#e coe to (e esta(lis#e !ring s!(se5!ent processing
3. Batch Control •
•
•
an e6ecti,e met#o o* managing #ig# ,ol!mes o* transaction ata t#ro!g# a s'stem) T#e o(ecti,e to reconcile o!tp!t pro!ce (' t#e s'stem "it# t#e inp!t originall' entere into t#e s'stem) T#is pro,ies ass!rance t#at+ 8 All recors in t#e (atc# are processe) 8 No recors are processe more t#an once) 8 An a!it trail o* transactions is create *rom inp!t t#ro!g# processing to t#e o!tp!t stage o* t#e s'stem) Has# Total non%nancial ata
4. Validation Controls •
•
VC are intene to etect errors in transaction ata (e*ore t#e ata are processe T#ere are t#ree le,els o* inp!t ,aliation controls+ a. Field interroation !. Record interroation c. File interroation
a. Field Interroation •
•
•
•
•
•
E$amine t#e c#aracteristics o* t#e ata in t#e %el Missing ata c#ec4s N!meric-alp#a(etic ata c#ec4s 9ero-,al!es c#ec4s Limit c#ec4s Range c#ec4s
!. Record interroation •
•
•
•
1aliate t#e entire recor (' e$amining t#e interrelations#ip o* its %el ,al!es Reasona(leness c#ec4s Sign c#ec4s Se5!ence c#ec4s
c. File interroation •
•
•
•
To ens!re t#at correct %le is (eing processe (' t#e s'stem Internal la(el c#ec4s 1ersion c#ec4s E$piration ate c#ec4s
". Input error correction •
•
•
Correct immeiatel' Create an error %le Reect t#e entire (atc#
#. $%IS •
•
centrali3e proce!res to manage t#e ata inp!t *or all o* t#e organi3ation:s transaction processing s'stems A,antage + –
–
–
it impro,es control (' #a,ing one common s'stem per*orm all ata ,aliation) 2DIS ens!res t#at eac# AIS application applies a consistent stanar *or ata ,aliation) 2DIS impro,es s'stems e,elopment e;cienc'
•
< component o* 2DIS + 2enerali3e ,aliation mo!le .21M/ 1aliate ata %le Error %le Error reports Transaction log
–
–
–
–
–
Processin Controls •
•
•
R!n-to-R!n controls& Operator inter,ention controls Audit Trail Controls.
=) R!n-to-R!n Controls •
!se (atc# %g!res to monitor t#e (atc# as it mo,es *rom one programme proce!re .r!n/ to anot#er –
–
–
Recalculate Control Totals Transaction Codes Sequence Checks
>) Operator Inter,ention Controls •
S'stems sometimes re5!ire operator inter,ention to initiate certain actions& s!c# as entering control totals *or a (atc# o* recors& pro,iing parameter ,al!es *or logical operations& an acti,ating a program *rom a i6erent point "#en reentering semi-processe error recors
?) A!it Trail Controls •
Transaction Logs –
–
–
–
Log of Automatic Transactions Listing of Automatic Transactions Unique Transaction Identiers !rror Listing
Output Controls •
ens!re t#at s'stem o!tp!t is not lost& misirecte& or corr!pte an t#at pri,ac' is not ,iolate
•
Controlling 0atc# S'stems O!tp!t –
–
–
–
–
–
–
"ut#ut S#ooling $rint $rograms. %ursting. &aste Data control Re#ort distri'ution !nd user control
T&STIN$ CO'P(T&R APPLICATION CONTROLS •
•
.=/ t#e (lac4 (o$ .aro!n t#e comp!ter/ approac# an .>/ t#e "#ite (o$ .t#ro!g# t#e comp!ter/ approac#
t#e (lac4 (o$ approac# •
•
o not rel' on a etaile 4no"lege o* t#e application:s internal logic T#e a,antage o* t#e (lac4-(o$ approac# is t#at t#e application nee not (e remo,e *rom ser,ice an teste irectl'
)hite*Bo+ Approach •
•
•
relies on an in-ept# !nerstaning o* t#e internal logic o* t#e application (eing teste) A!t#enticit' tests& "#ic# ,eri*' t#at an ini,i!al& a programme proce!re& or a message .s!c# as an EDI transmission/ attempting to access a s'stem is a!t#entic Acc!rac' tests& "#ic# ens!re t#at t#e s'stem processes onl' ata ,al!es t#at con*orm to speci%e tolerances) E$amples incl!e range tests& %el tests& an limit tests)
•
•
Completeness tests& "#ic# ienti*' missing ata "it#in a single recor an entire recors missing *rom a (atc#) T#e t'pes o* tests per*orme are %el tests& recor se5!ence tests& #as# totals& an control totals Re!nanc' tests& "#ic# etermine t#at an application processes eac# recor onl' once
•
•
•
Access tests& "#ic# ens!re t#at t#e application pre,ents a!t#ori3e !sers *rom !na!t#ori3e access to ata) Access controls incl!e pass"ors& a!t#orit' ta(les& !ser e%ne proce!res& ata encr'ption& an in*erence controls) A!it trail tests& "#ic# ens!re t#at t#e application creates an ae5!ate a!it trail) Ro!ning error tests& "#ic# ,eri*' t#e correctness o* ro!ning proce!res
CAATT *or testing controls •
t#e test ata met#o& "#ic# incl!es –
–
•
•
(ase case s'stem e,al!ation an tracing&
integrate test *acilit'& an parallel sim!lation
Test ata met#o •
•
T#e test data ,ethod is !se to esta(lis# application integrit' (' processing speciall' prepare sets o* inp!t ata t#ro!g# pro!ction applications t#at are !ner re,ie") T#e res!lts o* eac# test are compare to preetermine e$pectations to o(tain an o(ecti,e e,al!ation o* application logic an control e6ecti,eness
•
An' e,iations (et"een t#e act!al res!lts o(taine an t#ose e$pecte (' t#e a!itor ma' inicate a logic or control pro(lem
•
? met#o o* test ata approac# + Creating test ata prepare set o* (ot# ,ali an in,ali transactions 0ase case s'stem e,al!ation .0CSE/ "it# a test transactions containing all possi(le transaction t'pes Tracing electronic "al4t#ro!g# o* t#e application:s internal logic
–
–
–
•
t#ree primar' a,antages o* test ata tec#ni5!es) –
–
–
t#e' emplo' t#ro!g# t#e comp!ter testing& t#!s pro,iing t#e a!itor "it# e$plicit e,ience concerning application *!nctions) i* properl' planne& test ata r!ns can (e emplo'e "it# onl' minimal isr!ption to t#e organi3ation:s operations) t#e' re5!ire onl' minimal comp!ter e$pertise on t#e part o* a!itors
•
T#e primar' isa,antage o* all test ata tec#ni5!es is t#at a!itors m!st rel' on comp!ter ser,ices personnel to o(tain a cop' o* t#e application *or test p!rposes
The Interated Test Facilit•
•
IT@ approac# is an a!tomate tec#ni5!e t#at ena(les t#e a!itor to test an application:s logic an controls !ring its normal operation A,antages o* IT@ –
–
IT@ s!pports ongoing monitoring o* controls as re5!ire (' SAS 7 applications "it# IT@ can (e economicall' teste "it#o!t isr!pting t#e !ser:s operations an "it#o!t t#e inter,ention o* comp!ter ser,ices personnel
•
Disa,antages o* IT@ –
t#e potential *or corr!pting t#e ata %les o* t#e organi3ation "it# test ata
Parallel Si,ulation •
•
Parallel sim!lation re5!ires t#e a!itor to "rite a program t#at sim!lates 4e' *eat!res or processes o* t#e application !ner re,ie" T#e steps in,ol,e in per*orming parallel sim!lation testing are o!tline #ere) =) T#e a!itor m!st %rst gain a t#oro!g# !nerstaning o* t#e application !ner re,ie") Complete an c!rrent oc!mentation o* t#e application is re5!ire to constr!ct an acc!rate sim!lation) >) T#e a!itor m!st t#en ienti*' t#ose processes an controls in t#e application t#at are critical to t#e a!it) T#ese are t#e processes to (e sim!late