concurrent auditing techniques

1. INFORMATION SYSTEM
AUDIT-II
CHP 3. CONCURRENT AUDITING TECHNIQUES
MR. JAYANT. P. DALVI

2. INTRODUCTION
• concurrent audit is used to reduce time gap between occurrence of
transaction
• serves the purpose of internal control
• ensures transactions or decisions are within policy parameters and
dont violate the policy prescriptions and within delegated authority
with terms and conditions

3. NEED OF CAT
• Disappearing paper based audit trail
• continuous monitoring required by advance systems
• increasing difficulty of performing transaction walkthrough
• presence of entropy or disorder inside systemss

4. AUDITING TECHNIQUES
• tools that auditors use to collect audit evidence on reliability of computer based
application system at the same time as the application system carries out live
operational processing of transaction data
• Techniques:
• Integrated Test Facility
• Snapshot or extended record
• system control audit review file
• continuous and intermittent simulation

5. INTEGRATED TEST FACILITY:
• establish dummy entity on application system files and processing
audit test data against entity to verify authenticity, accuracy and
completeness.
• auditor use test data to update fictitious entries. Test data is used as
input to application systems
• Application system is programmed to treat tagged transactions in
special way.
• 2 major decisions to be taken for system:
1. what method to be used to insert the data?
2. what method to remove components it affects?
• effects of ITF transaction must be removed on completion of audit

6. ITF

7. SNAPSHOT OR EXTENDED RECORD
• involves software taking pictures of transaction flowing through
systems
• auditors have to use software where to locate snapshot points, when
to capture the snapshots and report of that data is captured .
• the software captures images of transactions as it processes through
various processing points.
• To validate processing at different snapshot points, capturing of
images before transaction and after transaction.
• assessment of authencity, accuracy and completeness of processing
involves transactions by verifying before, after images and
transformation that has occured on transaction

9. • SYSTEM CONTROL AUDIT REVIEW FILE(SCARF):
• it involves Audit software modules for continuous monitoring of
system's transactions.
• these audit modules are placed at predetermined points to gather
info about transactions or events within the system
• information generated is written to special audit file - SCARF master
file.
• auditors examine the info contained on this file to see if some
component of system needs follow up.

10. SCARF

12. CONTINUOUS AND INTERMITTENT
SIMULATION(CIS)
• It is used whenever application systems use a DBMS
• it uses DBMS to trap exceptions.
• When application system invokes services provided by DBMS, DBMS indicaes to CIS that
a service is required. CIS then determines whether it wants to examine transaction
further.
• If transaction is selected then next 3 steps are executed otherwise CIS waits for new
transaction
• DBMS provides all data requested by application system to CIS to process selected
transaction.
• CIS replicates application system processing as a parallel virtual system.
• every update to DB that arises from processing selected transaction will be checked by
CIS to determine whether any error occured in results it produces and those application
system produces

13. CIS

14. FACTORS OF CONCURRENCY AUDITING
TECHNIQUES
• INCREASED INTEGRATION OF IS:
• help auditors to understand how reliability of different components of IS impacts on
reliability of other components
• INCREASED INCIDENCE OF DISTRIBUTED IS:
• auditing techniques can be install at remote sites to collect evidence on their behalf if
locations of IS are dispersed.
• INCREASED EXPOSURES WHEN ERRORS AND IRREGULARITIES OCCUR:
• techniques permit errors and irregularities to be identified as they occur
• PRESENCE OF ENTROPY IN SYSTEM:
• provide means if detecting entropy as it occurs i.e increasing error rates during data
capture and input or rectify system design and programming errors

15. TYPES OF CONCURRENT TECHNIQUES
• the techniques can be used to test an application system with test
data during normal processing
• the techniques that can be used to select transactions during normal
processing for audit review
• the techniques that can be used to trace, map or document the state
of a system during normal processing

16. USERS OF CONCURRENT TECHNIQUES
• INTERNAL AUDITORS:
• used this techniques to establish and maintain substantial resources
• AUDITORS INVOLVED IN DEVELOPMENT WORK OF NEW SYSTEM
• TECHNIQUES TO BE USED IF OTHER TYPES OF COMPUTER BASED AUDIT
TECHNIQUES
• TECHNIQUES TO BE USED AS INCIDENCE OF AUTOMATICALLY GENERATED
TRANSACTIONS

17. STRENGTHS/ADVANTAGES OF CAT
• Timely audit
• Comprehensive and detailed auditing
• Surprise test capability
• Asses whether IS meets the set objectives
• Training for new users

18. LIMITATIONS/DISADVANTAGE OF CAT
• Availability of resources
• auditor's involvement in development process
• expert knowledge of IS working
• stable application systems