{"product_id":"internal-audit-isbn-9780470392423","title":"Internal Audit","description":"Internal Audit: Efficiency Through Automation teaches state-of-the-art computer-aided audit techniques, with practical guidelines on how to get much needed data, overcome organizational roadblocks, build data analysis skills, as well as address Continuous Auditing issues. Chapter 1 CAATTs History, Chapter 2 Audit Technology, Chapter 3 Continuous Auditing, Chapter 4 CAATTs Benefits and Opportunities, Chapter 5 CAATTs for Broader Scoped Audits, Chapter 6 Data Access and Testing, Chapter 7 Developing CAATT Capabilities, Chapter 8 Challenges for Audit, \u003cp\u003eCase Studies xv\u003c\/p\u003e \u003cp\u003ePreface xvii\u003c\/p\u003e \u003cp\u003eAcknowledgments xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 1 CAATTs History 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe New Audit Environment 2\u003c\/p\u003e \u003cp\u003eThe Age of Information Technology 3\u003c\/p\u003e \u003cp\u003eDecentralization of Technology 3\u003c\/p\u003e \u003cp\u003eAbsence of the Paper Trail 4\u003c\/p\u003e \u003cp\u003eDo More with Less 4\u003c\/p\u003e \u003cp\u003eDefinition of CAATTs 5\u003c\/p\u003e \u003cp\u003eEvolution of CAATTs 6\u003c\/p\u003e \u003cp\u003eAudit Software Developments 7\u003c\/p\u003e \u003cp\u003eHistorical CAATTs 8\u003c\/p\u003e \u003cp\u003eTest Decks 8\u003c\/p\u003e \u003cp\u003eIntegrated Test Facility (ITF) 9\u003c\/p\u003e \u003cp\u003eSystem Control Audit Review File (SCARF) 9\u003c\/p\u003e \u003cp\u003eSample Audit Review File (SARF) 9\u003c\/p\u003e \u003cp\u003eSampling 10\u003c\/p\u003e \u003cp\u003eParallel Simulation 10\u003c\/p\u003e \u003cp\u003eReasonableness Tests and Exception Reporting 11\u003c\/p\u003e \u003cp\u003eTraditional Approaches to Computer-Based Auditing 12\u003c\/p\u003e \u003cp\u003eSystems-Based Approach 12\u003c\/p\u003e \u003cp\u003eData-Based Approach 15\u003c\/p\u003e \u003cp\u003eAudit Management and Administrative Support 19\u003c\/p\u003e \u003cp\u003eRoadblocks to CAATT Implementation 20\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 24\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 2 Audit Technology 27\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAudit Technology Continuum 27\u003c\/p\u003e \u003cp\u003eIntroductory Use of Technology 27\u003c\/p\u003e \u003cp\u003eModerate Use of Technology 28\u003c\/p\u003e \u003cp\u003eIntegral Use of Technology 29\u003c\/p\u003e \u003cp\u003eAdvanced Use of Technology 30\u003c\/p\u003e \u003cp\u003eGetting There 31\u003c\/p\u003e \u003cp\u003eGeneral Software Useful for Auditors 32\u003c\/p\u003e \u003cp\u003eWord Processing 32\u003c\/p\u003e \u003cp\u003eText Search and Retrieval 34\u003c\/p\u003e \u003cp\u003eReference Libraries 35\u003c\/p\u003e \u003cp\u003eSpreadsheets 35\u003c\/p\u003e \u003cp\u003ePresentation Software 37\u003c\/p\u003e \u003cp\u003eFlowcharting 38\u003c\/p\u003e \u003cp\u003eAntivirus and Firewall Software 39\u003c\/p\u003e \u003cp\u003eSoftware Licensing Checkers 39\u003c\/p\u003e \u003cp\u003eSpecialized Audit Software Applications 40\u003c\/p\u003e \u003cp\u003eData Access, Analysis, Testing, and Reporting 40\u003c\/p\u003e \u003cp\u003eStandardized Extractions and Reports 44\u003c\/p\u003e \u003cp\u003eInformation Downloaded from Mainframe Applications and\/or Client Systems 45\u003c\/p\u003e \u003cp\u003eElectronic Questionnaires and Audit Programs 48\u003c\/p\u003e \u003cp\u003eControl Self-Assessment 49\u003c\/p\u003e \u003cp\u003eParallel Simulation 50\u003c\/p\u003e \u003cp\u003eElectronic Working Papers 51\u003c\/p\u003e \u003cp\u003eData Warehouse 52\u003c\/p\u003e \u003cp\u003eData Mining 54\u003c\/p\u003e \u003cp\u003eSoftware for Audit Management and Administration 56\u003c\/p\u003e \u003cp\u003eAudit Universe 56\u003c\/p\u003e \u003cp\u003eAudit Department Management Software 57\u003c\/p\u003e \u003cp\u003eE-mail 57\u003c\/p\u003e \u003cp\u003eFile Transfer Protocol (FTP) 57\u003c\/p\u003e \u003cp\u003eIntranet 59\u003c\/p\u003e \u003cp\u003eDatabases 60\u003c\/p\u003e \u003cp\u003eGroupware 61\u003c\/p\u003e \u003cp\u003eElectronic Document Management 61\u003c\/p\u003e \u003cp\u003eElectronic Audit Reports and Methodologies 62\u003c\/p\u003e \u003cp\u003eAudit Scheduling, Time Reporting, and Billing 63\u003c\/p\u003e \u003cp\u003eProject Management 64\u003c\/p\u003e \u003cp\u003eExtensible Business Reporting Language (XBRL) 64\u003c\/p\u003e \u003cp\u003eExpert Systems 67\u003c\/p\u003e \u003cp\u003eAudit Early-Warning Systems 68\u003c\/p\u003e \u003cp\u003eContinuous Auditing 69\u003c\/p\u003e \u003cp\u003eContinuous Auditing versus ContinuousMonitoring 72\u003c\/p\u003e \u003cp\u003eExample of Continuous Auditing: Application to an Accounts Payable Department 74\u003c\/p\u003e \u003cp\u003eStages of Continuous Auditing 77\u003c\/p\u003e \u003cp\u003eContinuous Auditing Template 79\u003c\/p\u003e \u003cp\u003eSarbanes-Oxley 80\u003c\/p\u003e \u003cp\u003eImportant SOX Sections 81\u003c\/p\u003e \u003cp\u003eThe Role and Responsibility of Internal Audit 83\u003c\/p\u003e \u003cp\u003eRisk Factors 84\u003c\/p\u003e \u003cp\u003eDetecting Fraud 85\u003c\/p\u003e \u003cp\u003eDetermining the Exposure to Fraud 86\u003c\/p\u003e \u003cp\u003eSOX Software 88\u003c\/p\u003e \u003cp\u003eAssessment of IT Controls and Risks 90\u003c\/p\u003e \u003cp\u003eDefining the Scope 92\u003c\/p\u003e \u003cp\u003eGAIT Principles 93\u003c\/p\u003e \u003cp\u003eGovernance, Risk Management, and Compliance (GRC) 94\u003c\/p\u003e \u003cp\u003eInternal Audit’s Role in the GRC Process 97\u003c\/p\u003e \u003cp\u003eIdentifying and Assessing Management’s Risk Management Process 99\u003c\/p\u003e \u003cp\u003eAssessment of Internal Control Processes 100\u003c\/p\u003e \u003cp\u003eGRC Software 101\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 102\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 3 CAATTs Benefits and Opportunities 103\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Inevitability of Using CAATTs 103\u003c\/p\u003e \u003cp\u003eThe New IM Environment 105\u003c\/p\u003e \u003cp\u003eThe New Audit Paradigm 105\u003c\/p\u003e \u003cp\u003eExpected Benefits 108\u003c\/p\u003e \u003cp\u003ePlanning Phase—Benefits 109\u003c\/p\u003e \u003cp\u003eConduct Phase—Benefits 112\u003c\/p\u003e \u003cp\u003eData Analysis 112\u003c\/p\u003e \u003cp\u003eIncreased Coverage 112\u003c\/p\u003e \u003cp\u003eBetter Use of Auditor Resources 115\u003c\/p\u003e \u003cp\u003eImproved Results 116\u003c\/p\u003e \u003cp\u003eReporting Phase—Benefits 116\u003c\/p\u003e \u003cp\u003eAdministration of the Audit Function—Benefits 117\u003c\/p\u003e \u003cp\u003eReduced Costs 119\u003c\/p\u003e \u003cp\u003eIncreased Performance 120\u003c\/p\u003e \u003cp\u003eIncreased Time for Critical Thinking 122\u003c\/p\u003e \u003cp\u003eRecognizing Opportunities 124\u003c\/p\u003e \u003cp\u003eTransfer of Audit Technology 126\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 127\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 4 CAATTs for Broader-Scoped Audits 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntegrated Use of CAATTs 129\u003c\/p\u003e \u003cp\u003eValue-for-Money Auditing 134\u003c\/p\u003e \u003cp\u003eValue-Added Auditing of Inventory Systems 134\u003c\/p\u003e \u003cp\u003eData Analysis in Support of Value-Added Inventory Auditing 135\u003c\/p\u003e \u003cp\u003eInventory Management Practices and Approaches 136\u003c\/p\u003e \u003cp\u003ePossible Areas for Audit-Suggested Improvements 138\u003c\/p\u003e \u003cp\u003eAudit and Reengineering 144\u003c\/p\u003e \u003cp\u003eAudit and Benchmarking 148\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 152\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 5 Data Access and Testing 153\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eData Access Conditions 153\u003c\/p\u003e \u003cp\u003eMainframe versus Minicomputer versus Microcomputer 154\u003c\/p\u003e \u003cp\u003ePortability of Programs and Data 154\u003c\/p\u003e \u003cp\u003eLimitations to Using the Microcomputer 155\u003c\/p\u003e \u003cp\u003eProcessing Speeds 155\u003c\/p\u003e \u003cp\u003eSingle Tasking 156\u003c\/p\u003e \u003cp\u003eInability to Deal with Complex Data and File Structures 156\u003c\/p\u003e \u003cp\u003eClient Facilities 157\u003c\/p\u003e \u003cp\u003eAuditor’s Microcomputer-Based Facilities 158\u003c\/p\u003e \u003cp\u003eData Extraction and Analysis Issues 159\u003c\/p\u003e \u003cp\u003eAccessing the Data 160\u003c\/p\u003e \u003cp\u003eData Storage Requirements 161\u003c\/p\u003e \u003cp\u003eAnalysis of Data 162\u003c\/p\u003e \u003cp\u003eRisks of Relying on Data—Reliability Risk 163\u003c\/p\u003e \u003cp\u003eReliance on the Data 164\u003c\/p\u003e \u003cp\u003eKnowledge of the System 165\u003c\/p\u003e \u003cp\u003eAssessment of the Internal Controls 166\u003c\/p\u003e \u003cp\u003eNew Topology of Data Tests 167\u003c\/p\u003e \u003cp\u003eReducing Auditor-Induced Data Corruption 168\u003c\/p\u003e \u003cp\u003ePotential Problems with the Use of CAATTs 169\u003c\/p\u003e \u003cp\u003eIncorrect Identification of Audit Population 169\u003c\/p\u003e \u003cp\u003eImproper Description of Data Requirements 171\u003c\/p\u003e \u003cp\u003eInvalid Analyses 172\u003c\/p\u003e \u003cp\u003eFailure to Recognize CAATT Opportunities 173\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 174\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 6 Developing CAATT Capabilities 177\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProfessional Proficiency: Knowledge, Skills, and Disciplines 177\u003c\/p\u003e \u003cp\u003eComputer Literacy: Minimal Auditor Skills 178\u003c\/p\u003e \u003cp\u003eAbility to Use CAATTs 180\u003c\/p\u003e \u003cp\u003eUnderstanding of the Data 181\u003c\/p\u003e \u003cp\u003eAnalytical Support and Advice 182\u003c\/p\u003e \u003cp\u003eCommunication of Results 184\u003c\/p\u003e \u003cp\u003eSteps in Developing CAATT Capabilities 184\u003c\/p\u003e \u003cp\u003eUnderstand the Organizational Environment\/Assess the Organizational Culture 184\u003c\/p\u003e \u003cp\u003eObtain Management Commitment 185\u003c\/p\u003e \u003cp\u003eEstablish Deliverables 186\u003c\/p\u003e \u003cp\u003eSet Up a Trial 186\u003c\/p\u003e \u003cp\u003ePlan for Success 186\u003c\/p\u003e \u003cp\u003eTrack Costs and Benefits 187\u003c\/p\u003e \u003cp\u003eLessons Learned 187\u003c\/p\u003e \u003cp\u003eOrganize Working Groups 188\u003c\/p\u003e \u003cp\u003eComputer Literacy Working Group 189\u003c\/p\u003e \u003cp\u003eCAATT Working Groups 190\u003c\/p\u003e \u003cp\u003eInformation Systems Support to Audit 191\u003c\/p\u003e \u003cp\u003eAssure Quality 195\u003c\/p\u003e \u003cp\u003eQuality Assurance Methodology 196\u003c\/p\u003e \u003cp\u003ePreventive Controls for CAATTs 197\u003c\/p\u003e \u003cp\u003eDetective Controls for CAATTs 198\u003c\/p\u003e \u003cp\u003eCorrective Controls for CAATTs 199\u003c\/p\u003e \u003cp\u003eQuality Assurance Reviews and Reports 200\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 200\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 7 Challenges for Audit 203\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSurvival of Audit 203\u003c\/p\u003e \u003cp\u003eAudit as a Learning Organization 204\u003c\/p\u003e \u003cp\u003eKnowledge Acquisition 204\u003c\/p\u003e \u003cp\u003eInformation Dissemination 205\u003c\/p\u003e \u003cp\u003eInformation Interpretation 205\u003c\/p\u003e \u003cp\u003eOrganizational Memory 205\u003c\/p\u003e \u003cp\u003eNew Paradigm for Audit 206\u003c\/p\u003e \u003cp\u003eComputer-Assisted Audit Techniques 206\u003c\/p\u003e \u003cp\u003eComputer-Aided Audit Thought Support 207\u003c\/p\u003e \u003cp\u003eAuditor Empowerment 208\u003c\/p\u003e \u003cp\u003eAccess to Microcomputers and Computer Networks 209\u003c\/p\u003e \u003cp\u003eAccess to Audit Software—Meta-Languages 209\u003c\/p\u003e \u003cp\u003eUniversal Access to Data 210\u003c\/p\u003e \u003cp\u003eAccess to Education, Training, and Research 210\u003c\/p\u003e \u003cp\u003eSkills Inventory 212\u003c\/p\u003e \u003cp\u003eNeeded versus Actual Skills 212\u003c\/p\u003e \u003cp\u003eRequired versus Actual Performance 215\u003c\/p\u003e \u003cp\u003eAuditor Skills for Using CAATTs 216\u003c\/p\u003e \u003cp\u003eIS Auditor Skills 216\u003c\/p\u003e \u003cp\u003eTraining Programs and Requirements 217\u003c\/p\u003e \u003cp\u003eConceptual Training 217\u003c\/p\u003e \u003cp\u003eTechnical Training 218\u003c\/p\u003e \u003cp\u003eTraining Options 218\u003c\/p\u003e \u003cp\u003eIn-house 218\u003c\/p\u003e \u003cp\u003eProfessional Associations 218\u003c\/p\u003e \u003cp\u003eEducational Institutions 219\u003c\/p\u003e \u003cp\u003eComputer-Based, Video-Based, and Web-Based Training 219\u003c\/p\u003e \u003cp\u003eSummary and Conclusions 220\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendices 223\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAPPENDIX A The Internet—An Audit Tool 225\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Internet 225\u003c\/p\u003e \u003cp\u003eConnecting to the Internet 225\u003c\/p\u003e \u003cp\u003eGeneral Internet Uses 226\u003c\/p\u003e \u003cp\u003eUseful Sites for Auditors 229\u003c\/p\u003e \u003cp\u003eExamples of Audit-Related Internet Usage 230\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAPPENDIX B Information Support Analysis and Monitoring (ISAM) Section 231\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAPPENDIX C Information Management Concepts 235\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAPPENDIX D Audit Software Evaluation Criteria 241\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e General Capabilities 241\u003c\/p\u003e \u003cp\u003e Reporting Capabilities 241\u003c\/p\u003e \u003cp\u003e Graphics Capabilities 242\u003c\/p\u003e \u003cp\u003e Mathematical Functions 242\u003c\/p\u003e \u003cp\u003e File Manipulation Capabilities 242\u003c\/p\u003e \u003cp\u003e Record Definition Capabilities 242\u003c\/p\u003e \u003cp\u003e File Type Capabilities 242\u003c\/p\u003e \u003cp\u003e Programming Capabilities 242\u003c\/p\u003e \u003cp\u003e Support 243\u003c\/p\u003e \u003cp\u003e Other Capabilities 243\u003c\/p\u003e \u003cp\u003eReferences 245\u003c\/p\u003e \u003cp\u003eIndex 249 \u003c\/p\u003e  \u003cb\u003eDavid Coderre\u003c\/b\u003e has over twenty years of experience in internal audit, management consulting, policy development, management information systems, system development, and application implementation areas. He is currently President of CAATS (Computer-Assisted Analysis Techniques and Solutions). He is the author of three highly regarded books on using data analysis for audit and fraud detection.\u003cbr\u003e \u003cbr\u003e  Internal Audit\u003cbr\u003e \u003cbr\u003e   \u003cp\u003eEfficiency through Automation\u003c\/p\u003e \u003cp\u003eIncreased globalization of businesses, market pressure to improve operations, and rapidly changing business conditions are creating demand for technology-enabled auditing (TEA) to ensure timely ongoing assurance that controls are working effectively and that risk is properly mitigated.\u003c\/p\u003e \u003cp\u003ePart of Wiley's Institute of Internal Auditors Series, \u003ci\u003eInternal Audit: Efficiency through Automation\u003c\/i\u003e enables auditors to radically improve the effectiveness of their individual audits and the complete audit function through the application of computer-based audit tools and techniques.\u003c\/p\u003e \u003cp\u003eUniquely providing auditors with strategic and implementational guidance on computer-assisted audit tools and techniques (CAATTs), \u003ci\u003eInternal Audit: Efficiency through Automation\u003c\/i\u003e explains what continuous auditing does and how it can help auditors make better use of data analytics, while maintaining their independence and objectivity in evaluating the effectiveness of risk management and control assessment processes.\u003c\/p\u003e \u003cp\u003eThis practical book guides auditors in taking advantage of TEA to allow continuous auditing that tracks anomalies, deficiencies, and unusual trends in every step of the auditing process, from the initial development of the risk-based annual audit plan, to the planning, conducting, reporting, and follow-up phases of individual audits. Filled with numerous case studies illustrating the power and flexibility of standard and audit-specific software packages, it thoroughly discusses relevant topics, including:\u003c\/p\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eAudit technology\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eCAATTs benefits and opportunities\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eCAATTs for broader-scoped audits\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eThe Internet as an audit tool\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eThe new audit paradigm\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eValue-added auditing of inventory systems\u003c\/p\u003e \u003c\/li\u003e \u003cli\u003e \u003cp\u003eDeveloping CAATT capabilities\u003c\/p\u003e \u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eInternal auditors cannot stand by and watch as the rest of the business world embraces new technology. This timely guidebook shows audit managers how to advance the functioning of the audit organization and provides the essential tools to meet the challenges of auditing in today's business environment.\u003c\/p\u003e  \u003cb\u003ePraise for Internal Audit: Efficiency through Automation\u003c\/b\u003e  \u003cp\u003e\"Internal audit's role within the organization is more visible than ever before, largely due to the intense regulatory and compliance pressures of the last few years. This book provides an excellent overview of technology's historical role in supporting audits, and practical examples of the value audit technology provides today. It should be mandatory reading for every audit leader tasked with maximizing the effectiveness of his or her audit team to support high- performing organizations.\"\u003cbr\u003e —Harald Will, President and CEO, ACL Services Ltd.\u003c\/p\u003e \u003cp\u003e\"A wonderful desktop reference for anyone trying to move from traditional auditing to integrated auditing. The numerous case studies make it easy to understand?and provide?a how-to?for those?seeking to?implement automated tools including continuous assurance. Whether you are just starting down the path or well on your way, it is a valuable resource.\"\u003cbr\u003e —Kate M. Head, CPA, CFE, CISA, Associate Director, Audit and Compliance, University of South Florida\u003c\/p\u003e \u003cp\u003e\"In the many years that it has been my pleasure to know and work with David Coderre, I have always been extremely impressed with his grasp of auditing, risk assessment, and data analytics, but more importantly how to do it all better and faster. If you want a high-quality audit outcome and effective resource utilization, learn from the best —it doesn't get any better!\"\u003cbr\u003e —Greg Duckert, CIA, CISA, CPA, CMA,?CEO and founder, Virtual Governance Institute\u003c\/p\u003e \u003cp\u003e\"'Do more with less.' A familiar phrase, but David Coderre actually shows you how to use technology to enhance your audit product. A must-read for any size audit shop.\"\u003cbr\u003e —Ian Craigen, Supervising Senior: IS Audit\u003c\/p\u003e \u003cp\u003e\"David Coderre is the ultimate expert on the use of computer-assisted audit tools and techniques. His twenty-first-century methods are revolutionizing the way audits are conducted. We have used his recommended methods in our audit practice with great success for many years. Every audit organization—internal, external, governmental, SEC, or non-issuer—of every size should have David's books in use. These ideas work.\"\u003cbr\u003e —David L. Cotton, CPA, CFE, CGFM, Chairman, Cotton \u0026amp; Company LLP\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989444935909,"sku":"NP9780470392423","price":65.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470392423.jpg?v=1761784125","url":"https:\/\/k12savings.com\/es\/products\/internal-audit-isbn-9780470392423","provider":"K12savings","version":"1.0","type":"link"}