Doc, Pdf, Ppt

Only available on StudyMode
  • Download(s) : 170
  • Published : March 1, 2013
Open Document
Text Preview
Concurrent Audit Techniques

Cdr MK Paul B Tech, CISA
Indian Navy

What is concurrent auditing ?
► Concurrent auditing are techniques used to

collect audit evidence at the same time as an application system undertakes processing of production data.

Why concurrent auditing ?
► Progressive disappearance of paper based

audit trail. ► To prevent / detect material loss due to rapid propagation of errors to other connected / dependent systems in a computerised environment. ► Difficulty in performing transaction walkthrough in a computerised environment Cdr MK Paul B Tech, CISA

Indian Navy

Why concurrent auditing (contd..)?
► For timely detection of entropy in a

computerised data processing system.
 Entropy is the tendency of any system to move towards internal disorder and eventually collapse.

► Problems of gathering audit

evidence in an outsourced and distributed information system environment.  Physical presence at every site may be cost prohibitive and impractical Cdr MK Paul B Tech, CISA
Indian Navy

Types of concurrent auditing
► Two types

 Special audit modules embeded in application / system software to collect evidence.  Special audit records to store the audit evidence collected.

Cdr MK Paul B Tech, CISA
Indian Navy

Concurrent Auditing Techniques
► Integrated Test Facility (ITF) ► Snapshots

 Extended Record Technique
► System Control Audit Review File (SCARF) ► Continuous and Intermittent Simulation (CIS)

Integrated Test Facility (ITF)
► Involves establishing a dummy entity in the

application system’s files and processing audit test data against this entity. ► Verifies application system’s processing authenticity, accuracy and completeness

ITF
► Test data used in ITF

 

Tagged live production transactions Specially designed by auditors according to a test plan ►These specially designed test data are submitted for

processing along with the normal production data.

Cdr MK Paul B Tech, CISA
Indian Navy

ITF
Tagged Live Transactions

Transaction Input

ITF Application system

Database with Dummy Entity

Live Data Transaction Input ITF Application system Transaction Input Test Data Database with Dummy Entity

Cdr MK Paul B Tech, CISA
Indian Navy

ITF
► Problem with using ITF is that it affects the output

of the application system. ► Effects of ITF transactions should be removed by the application software prior to producing output.  Modify application program to ignore their effects while preparing outputs  Submit additional inputs for removing their effects.  Submit trivial entries as test data so that their effect on the output is minimal.

Cdr MK Paul B Tech, CISA
Indian Navy

Snapshots
► Involves taking pictures of a transaction as it flows

through various points in the application

 Embedded audit module used to take pictures
► Snapshots either printed immediately or saved to

a file for later printing ► Auditors determine

 Where to take snapshots  Which transactions will be subject to snapshot  How and when the snapshot data will be presented for evaluation Cdr MK Paul B Tech, CISA
Indian Navy

Snapshots
► Extended Record Technique

 Modification of Snapshot technique
► Snapshot technique involves writing a

record for each snapshot point. Snapshots usually stored where it is taken ► Extended record technique appends data for each snapshot point to a single record. Thus all data relating to a transaction is kept in one place. Cdr MK Paul B Tech, CISA

Indian Navy

Snapshots
Input Transaction Input Validation Program Snapshots 1,2,3 Snapshot Report / File Report Program Snapshots 8,9 Update Program Snapshot Report / File Snapshots 4,5,6,7

Snapshot Report / File
Snapshots 1,2,3

Snapshots 4,5,6,7

Snapshots 8, 9

Extended Record
Cdr MK Paul B Tech, CISA
Indian Navy

System Control Audit Review File (SCARF)
► ►

Most Complex of all techniques...
tracking img