chapter 18 concurrent auditing techniques. concurrent auditing techniques to collect audit evidence...
Post on 21-Dec-2015
537 views
TRANSCRIPT
![Page 1: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/1.jpg)
Chapter 18
Concurrent Auditing Techniques
![Page 2: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/2.jpg)
Concurrent Auditing Techniques to collect audit
evidence at the same time as an application system undertakes processing of its production
![Page 3: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/3.jpg)
Basic Nature of Concurrent Auditing Techniques
2 bases for collecting audit evidence Special audit modules are embedded in
application systems to collect, process, and print audit evidenced
Audit records used to store the audit evidence collected so auditors can examine this evidence at a later stage
![Page 4: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/4.jpg)
Concurrent Auditing
![Page 5: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/5.jpg)
Need for Concurrent Auditing Techniques
Disappearing Paper-Based Audit Trail Continuous Monitoring Required by Advance
Systems (see next Figure) Increasing Difficulty of Performing
Transaction Walkthroughs Presence of Entropy in Systems
tendency of systems toward internal disorder and eventual collapse over time
Problems Posed by Outsourced IT Systems (difficult for auditors to be there at the outsource)
EDI and Inter- organizational Info systems
![Page 6: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/6.jpg)
![Page 7: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/7.jpg)
Concurrent Audit Techniques Integrated test facility (dummy company
test data then analysis of authenticity, accuracy, and completeness)
Snapshot/extended record System control audit review file
(SCARF) Continuous and intermittent
simulation (CIS)
![Page 8: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/8.jpg)
Integrated Test Facility (ITF) Verifies authenticity, accuracy, and
completeness Involves 2 major design decisions:
What method will be used to enter test data?
What method will be used to remove the effects of ITF transactions?
![Page 9: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/9.jpg)
Methods of Entering Test Data Using ITF
2 Methods(1) Involves tagging transactions
submitted as production input to the application system to be tested
(2) Involves designing new test transactions and entering them with the production input into the application system
![Page 10: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/10.jpg)
Entering test data
![Page 11: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/11.jpg)
Methods of Removing the Effects of ITF Transactions
3 Methods(1) Modify the application system
programs to recognize ITF transactions and to ignore them in terms of any processing that might affect users
(2) Submit additional input that reverses the effects of the ITF transactions
(3) Submit trivial entries so the effects of the ITF transaction on output are minimal
![Page 12: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/12.jpg)
Snapshot/Extended Record Involves software taking “pictures” of a
transaction as it flows through an application system.
Major Implementation Decisions Where to locate the snapshot points? When to capture snapshots of transactions? Items needed for reporting of the snapshot
data that is captured (timestamp, ID, time of each process)
![Page 13: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/13.jpg)
![Page 14: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/14.jpg)
![Page 15: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/15.jpg)
System Control Audit Review File
The most complex technique Involves embedding audit software
modules within a host application system to provide continuous monitoring of the system’s transactions
2 major design decisions: What info. will be collected by SCARF? What reporting system will be used?
![Page 16: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/16.jpg)
![Page 17: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/17.jpg)
Information Collected by SCARF Application system errors Policy and procedural variances System exceptions (certain errors are allowed)
Statistical samples Snapshots and extended records Profiling data (data to build profile of users)
Performance measurement data
![Page 18: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/18.jpg)
Structure of SCARF Reporting
Design Decisions Determining how the SCARF file
will be updated (e.g., small applications send data to the file once a day)
Choosing sort codes and report formats to be used
Choosing the timing of report preparation
![Page 19: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/19.jpg)
![Page 20: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/20.jpg)
Continuous & Intermittent SimulationPrimary advantages of CIS SCARF defines exceptions of interest
but CIS traps exceptions for auditors using DBMS. It does not not require modifications to the application system
Provides an online auditing capability Requires less programming instructions Less input/output overheads
![Page 21: Chapter 18 Concurrent Auditing Techniques. Concurrent Auditing Techniques to collect audit evidence at the same time as an application system undertakes](https://reader036.vdocument.in/reader036/viewer/2022081415/56649d5e5503460f94a3ec39/html5/thumbnails/21.jpg)