Internal Audit
Description
Case Studies xv
Preface xvii
Acknowledgments xxi
CHAPTER 1 CAATTs History 1
The New Audit Environment 2
The Age of Information Technology 3
Decentralization of Technology 3
Absence of the Paper Trail 4
Do More with Less 4
Definition of CAATTs 5
Evolution of CAATTs 6
Audit Software Developments 7
Historical CAATTs 8
Test Decks 8
Integrated Test Facility (ITF) 9
System Control Audit Review File (SCARF) 9
Sample Audit Review File (SARF) 9
Sampling 10
Parallel Simulation 10
Reasonableness Tests and Exception Reporting 11
Traditional Approaches to Computer-Based Auditing 12
Systems-Based Approach 12
Data-Based Approach 15
Audit Management and Administrative Support 19
Roadblocks to CAATT Implementation 20
Summary and Conclusions 24
CHAPTER 2 Audit Technology 27
Audit Technology Continuum 27
Introductory Use of Technology 27
Moderate Use of Technology 28
Integral Use of Technology 29
Advanced Use of Technology 30
Getting There 31
General Software Useful for Auditors 32
Word Processing 32
Text Search and Retrieval 34
Reference Libraries 35
Spreadsheets 35
Presentation Software 37
Flowcharting 38
Antivirus and Firewall Software 39
Software Licensing Checkers 39
Specialized Audit Software Applications 40
Data Access, Analysis, Testing, and Reporting 40
Standardized Extractions and Reports 44
Information Downloaded from Mainframe Applications and/or Client Systems 45
Electronic Questionnaires and Audit Programs 48
Control Self-Assessment 49
Parallel Simulation 50
Electronic Working Papers 51
Data Warehouse 52
Data Mining 54
Software for Audit Management and Administration 56
Audit Universe 56
Audit Department Management Software 57
E-mail 57
File Transfer Protocol (FTP) 57
Intranet 59
Databases 60
Groupware 61
Electronic Document Management 61
Electronic Audit Reports and Methodologies 62
Audit Scheduling, Time Reporting, and Billing 63
Project Management 64
Extensible Business Reporting Language (XBRL) 64
Expert Systems 67
Audit Early-Warning Systems 68
Continuous Auditing 69
Continuous Auditing versus ContinuousMonitoring 72
Example of Continuous Auditing: Application to an Accounts Payable Department 74
Stages of Continuous Auditing 77
Continuous Auditing Template 79
Sarbanes-Oxley 80
Important SOX Sections 81
The Role and Responsibility of Internal Audit 83
Risk Factors 84
Detecting Fraud 85
Determining the Exposure to Fraud 86
SOX Software 88
Assessment of IT Controls and Risks 90
Defining the Scope 92
GAIT Principles 93
Governance, Risk Management, and Compliance (GRC) 94
Internal Audit’s Role in the GRC Process 97
Identifying and Assessing Management’s Risk Management Process 99
Assessment of Internal Control Processes 100
GRC Software 101
Summary and Conclusions 102
CHAPTER 3 CAATTs Benefits and Opportunities 103
The Inevitability of Using CAATTs 103
The New IM Environment 105
The New Audit Paradigm 105
Expected Benefits 108
Planning Phase—Benefits 109
Conduct Phase—Benefits 112
Data Analysis 112
Increased Coverage 112
Better Use of Auditor Resources 115
Improved Results 116
Reporting Phase—Benefits 116
Administration of the Audit Function—Benefits 117
Reduced Costs 119
Increased Performance 120
Increased Time for Critical Thinking 122
Recognizing Opportunities 124
Transfer of Audit Technology 126
Summary and Conclusions 127
CHAPTER 4 CAATTs for Broader-Scoped Audits 129
Integrated Use of CAATTs 129
Value-for-Money Auditing 134
Value-Added Auditing of Inventory Systems 134
Data Analysis in Support of Value-Added Inventory Auditing 135
Inventory Management Practices and Approaches 136
Possible Areas for Audit-Suggested Improvements 138
Audit and Reengineering 144
Audit and Benchmarking 148
Summary and Conclusions 152
CHAPTER 5 Data Access and Testing 153
Data Access Conditions 153
Mainframe versus Minicomputer versus Microcomputer 154
Portability of Programs and Data 154
Limitations to Using the Microcomputer 155
Processing Speeds 155
Single Tasking 156
Inability to Deal with Complex Data and File Structures 156
Client Facilities 157
Auditor’s Microcomputer-Based Facilities 158
Data Extraction and Analysis Issues 159
Accessing the Data 160
Data Storage Requirements 161
Analysis of Data 162
Risks of Relying on Data—Reliability Risk 163
Reliance on the Data 164
Knowledge of the System 165
Assessment of the Internal Controls 166
New Topology of Data Tests 167
Reducing Auditor-Induced Data Corruption 168
Potential Problems with the Use of CAATTs 169
Incorrect Identification of Audit Population 169
Improper Description of Data Requirements 171
Invalid Analyses 172
Failure to Recognize CAATT Opportunities 173
Summary and Conclusions 174
CHAPTER 6 Developing CAATT Capabilities 177
Professional Proficiency: Knowledge, Skills, and Disciplines 177
Computer Literacy: Minimal Auditor Skills 178
Ability to Use CAATTs 180
Understanding of the Data 181
Analytical Support and Advice 182
Communication of Results 184
Steps in Developing CAATT Capabilities 184
Understand the Organizational Environment/Assess the Organizational Culture 184
Obtain Management Commitment 185
Establish Deliverables 186
Set Up a Trial 186
Plan for Success 186
Track Costs and Benefits 187
Lessons Learned 187
Organize Working Groups 188
Computer Literacy Working Group 189
CAATT Working Groups 190
Information Systems Support to Audit 191
Assure Quality 195
Quality Assurance Methodology 196
Preventive Controls for CAATTs 197
Detective Controls for CAATTs 198
Corrective Controls for CAATTs 199
Quality Assurance Reviews and Reports 200
Summary and Conclusions 200
CHAPTER 7 Challenges for Audit 203
Survival of Audit 203
Audit as a Learning Organization 204
Knowledge Acquisition 204
Information Dissemination 205
Information Interpretation 205
Organizational Memory 205
New Paradigm for Audit 206
Computer-Assisted Audit Techniques 206
Computer-Aided Audit Thought Support 207
Auditor Empowerment 208
Access to Microcomputers and Computer Networks 209
Access to Audit Software—Meta-Languages 209
Universal Access to Data 210
Access to Education, Training, and Research 210
Skills Inventory 212
Needed versus Actual Skills 212
Required versus Actual Performance 215
Auditor Skills for Using CAATTs 216
IS Auditor Skills 216
Training Programs and Requirements 217
Conceptual Training 217
Technical Training 218
Training Options 218
In-house 218
Professional Associations 218
Educational Institutions 219
Computer-Based, Video-Based, and Web-Based Training 219
Summary and Conclusions 220
Appendices 223
APPENDIX A The Internet—An Audit Tool 225
The Internet 225
Connecting to the Internet 225
General Internet Uses 226
Useful Sites for Auditors 229
Examples of Audit-Related Internet Usage 230
APPENDIX B Information Support Analysis and Monitoring (ISAM) Section 231
APPENDIX C Information Management Concepts 235
APPENDIX D Audit Software Evaluation Criteria 241
General Capabilities 241
Reporting Capabilities 241
Graphics Capabilities 242
Mathematical Functions 242
File Manipulation Capabilities 242
Record Definition Capabilities 242
File Type Capabilities 242
Programming Capabilities 242
Support 243
Other Capabilities 243
References 245
Index 249
David Coderre has over twenty years of experience in internal audit, management consulting, policy development, management information systems, system development, and application implementation areas. He is currently President of CAATS (Computer-Assisted Analysis Techniques and Solutions). He is the author of three highly regarded books on using data analysis for audit and fraud detection.Internal Audit
Efficiency through Automation
Increased globalization of businesses, market pressure to improve operations, and rapidly changing business conditions are creating demand for technology-enabled auditing (TEA) to ensure timely ongoing assurance that controls are working effectively and that risk is properly mitigated.
Part of Wiley's Institute of Internal Auditors Series, Internal Audit: Efficiency through Automation enables auditors to radically improve the effectiveness of their individual audits and the complete audit function through the application of computer-based audit tools and techniques.
Uniquely providing auditors with strategic and implementational guidance on computer-assisted audit tools and techniques (CAATTs), Internal Audit: Efficiency through Automation explains what continuous auditing does and how it can help auditors make better use of data analytics, while maintaining their independence and objectivity in evaluating the effectiveness of risk management and control assessment processes.
This practical book guides auditors in taking advantage of TEA to allow continuous auditing that tracks anomalies, deficiencies, and unusual trends in every step of the auditing process, from the initial development of the risk-based annual audit plan, to the planning, conducting, reporting, and follow-up phases of individual audits. Filled with numerous case studies illustrating the power and flexibility of standard and audit-specific software packages, it thoroughly discusses relevant topics, including:
-
Audit technology
-
CAATTs benefits and opportunities
-
CAATTs for broader-scoped audits
-
The Internet as an audit tool
-
The new audit paradigm
-
Value-added auditing of inventory systems
-
Developing CAATT capabilities
Internal auditors cannot stand by and watch as the rest of the business world embraces new technology. This timely guidebook shows audit managers how to advance the functioning of the audit organization and provides the essential tools to meet the challenges of auditing in today's business environment.
Praise for Internal Audit: Efficiency through Automation"Internal audit's role within the organization is more visible than ever before, largely due to the intense regulatory and compliance pressures of the last few years. This book provides an excellent overview of technology's historical role in supporting audits, and practical examples of the value audit technology provides today. It should be mandatory reading for every audit leader tasked with maximizing the effectiveness of his or her audit team to support high- performing organizations."
—Harald Will, President and CEO, ACL Services Ltd.
"A wonderful desktop reference for anyone trying to move from traditional auditing to integrated auditing. The numerous case studies make it easy to understand?and provide?a how-to?for those?seeking to?implement automated tools including continuous assurance. Whether you are just starting down the path or well on your way, it is a valuable resource."
—Kate M. Head, CPA, CFE, CISA, Associate Director, Audit and Compliance, University of South Florida
"In the many years that it has been my pleasure to know and work with David Coderre, I have always been extremely impressed with his grasp of auditing, risk assessment, and data analytics, but more importantly how to do it all better and faster. If you want a high-quality audit outcome and effective resource utilization, learn from the best —it doesn't get any better!"
—Greg Duckert, CIA, CISA, CPA, CMA,?CEO and founder, Virtual Governance Institute
"'Do more with less.' A familiar phrase, but David Coderre actually shows you how to use technology to enhance your audit product. A must-read for any size audit shop."
—Ian Craigen, Supervising Senior: IS Audit
"David Coderre is the ultimate expert on the use of computer-assisted audit tools and techniques. His twenty-first-century methods are revolutionizing the way audits are conducted. We have used his recommended methods in our audit practice with great success for many years. Every audit organization—internal, external, governmental, SEC, or non-issuer—of every size should have David's books in use. These ideas work."
—David L. Cotton, CPA, CFE, CGFM, Chairman, Cotton & Company LLP
PUBLISHER:
Wiley
ISBN-13:
9780470392423
BINDING:
Hardback
BISAC:
BUSINESS & ECONOMICS
BOOK DIMENSIONS:
Dimensions: 162.60(W) x Dimensions: 236.20(H) x Dimensions: 25.40(D)
AUDIENCE TYPE:
General/Adult
LANGUAGE:
English