Custom Search

Sunday, April 8, 2007

CISA 2007 - Audit Process continued #2

Continuous and Intermittent simulation (CIS) is a moderately complex set of programs which simulate the process instruction of a transaction. As each transaction in entered into a program it is checked to see if it meets certain predefined criteria. If the predefined criteria is met, the program audits the transaction.If not it waits for the next transaction until the predefined criteria is met and audits again.

Audit hooks are low complexity programs that focuses on certain specific conditions instead of detailed criteria in identifying transactions for review.

ITF focuses on test versus live data

During an IT audit, An integrated test facility (ITF) creates a fictitious entity in the database to process test transactions simultaneously with live input. Its advantage is that periodic testing does not require separate test processes. However, careful planning is necessary, and test data must be isolated from production data.

SCARF/EAM focuses on controls versus data

A snapshot tool is most useful when an audit trail is required

To detect errors of a previous period of a IT audit, we can make use of Generalized audit software features. It include include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and recomputations.

For example,if the vice president of human resources has requested a IT audit to identify payroll overpayments for the previous year.It would be good to use Generalized audit software features because you could design appropriate tests to recompute the payroll and, thereby, determine if there were overpayments and to whom they were made.

Test data would test for the existence of IT controls that might prevent overpayments, but it would not detect specific, previous miscalculations. Neither an integrated test facility nor an embedded audit module would detect errors for a previous period.

Related Tags: , , , ,

No comments: