audit theory on computerized system
Concurrent Auditing Techniques
Integrated Test Facility
The integrated test facility technique (ITF) involves auditors establishing a mini company or dummy company on the live files processed by an application system. For example, in a payroll system, auditors might establish a master-file record for a fictitious employee. Auditors then submit test data to the application system as part of the normal transaction data entered into the system. They monitor the effects of their test data on the dummy entity they have established.
Two major design decisions must be made when auditors use ITF. First, auditors must determine what method will be used to enter test data. One approach is to select and tag live transactions. The tagged transactions then update not only their target records but also the dummy entity that has been established. An alternative approach is to design and create test transactions specifically for the application. These test transactions update only the dummy entity. Second, auditors must determine how the effects of test transactions will be masked within the application system being tested. One approach is to submit transactions that have immaterial amounts and which, therefore, are unlikely to be noticed by application system users. A second approach is to submit reversal entries so that the net effect of the test transactions is zero. A third approach is to modify the application system so the test transactions are not counted in the application system’s control totals. This third approach is the most expensive, but it is often the most effective. System Control Audit Review File
With a system control audit review file (SCARF), auditors embed audit routines into an application system and collect data on events that are of interest to them. This data is then written to a file (hence the name of the technique) for subsequent review or subsequent use in other tests that auditors may wish to conduct.
Leinicke et al. (1990) describe an
Integrated Test Facility
The integrated test facility technique (ITF) involves auditors establishing a mini company or dummy company on the live files processed by an application system. For example, in a payroll system, auditors might establish a master-file record for a fictitious employee. Auditors then submit test data to the application system as part of the normal transaction data entered into the system. They monitor the effects of their test data on the dummy entity they have established.
Two major design decisions must be made when auditors use ITF. First, auditors must determine what method will be used to enter test data. One approach is to select and tag live transactions. The tagged transactions then update not only their target records but also the dummy entity that has been established. An alternative approach is to design and create test transactions specifically for the application. These test transactions update only the dummy entity. Second, auditors must determine how the effects of test transactions will be masked within the application system being tested. One approach is to submit transactions that have immaterial amounts and which, therefore, are unlikely to be noticed by application system users. A second approach is to submit reversal entries so that the net effect of the test transactions is zero. A third approach is to modify the application system so the test transactions are not counted in the application system’s control totals. This third approach is the most expensive, but it is often the most effective. System Control Audit Review File
With a system control audit review file (SCARF), auditors embed audit routines into an application system and collect data on events that are of interest to them. This data is then written to a file (hence the name of the technique) for subsequent review or subsequent use in other tests that auditors may wish to conduct.
Leinicke et al. (1990) describe an