There are two basic techniques available to the auditor for auditing through the computer. These are use of test data and use of computer audit programs which are also called CAATs (computer assisted audit techniques).
CAAT’s are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in a client computer information system (CIS). It can also be defined simply as applications of auditing procedures using the computer as an audit tool.
The overall objectives and scope of an audit do not change when an audit is conducted in a computerized environment. However, the application of auditing procedures may require auditors to consider techniques that use the computer as an audit tool. These uses of the computer for audit work are known as Computer-assisted audit techniques (CAATs).
CAATs may be used in performing various auditing procedures, including the following.
Tests of details of transactions and balances
Analytical review procedures
Tests of computer information system controls
Use of CAATS is governed by ISA which provides the two main types of CAATS are
a) Test of data
b) Audit software
i) Test of data
These are designed to test the performance of client’s programs. What it involves is for the auditor either using dummy data or live data for processing to manually work out the expected result using the logic of the program. This is then run on the computer using the program and the results are compared. A satisfactory outcome gives the auditor a degree of assurance that if that program is used continuously throughout the year, then it will perform as required. This technique of test data falls under compliance testing. Live data testing has the following disadvantages
i. If the data is included with normal, separate test data totals cannot be obtained. This can sometimes be resolved by use of dummy branches or separate codes to report the programs effects on the test data.
ii. Side effects can occur. It has been known for an auditor’s dummy product to be included in a catalogue.
Dummy testing has the following disadvantages
i. Difficulties will be encountered in simulating the whole system or part of it.
ii. A more detailed knowledge of the system is required than with use of live files.
iii. There is often uncertainty as to whether operational programs are really being used for the test.
iv. The time span problem is still difficult but more capable of resolution than live testing.
Difficulties in using audit test data:
• Cost: for constructing test data, predetermine the results manually and ascertaining which controls to be tested.
• Confined to test of control only.
• Live testing is dangerous as it may affect live database is used for special run.
• No visible evidence of audit work performed: need to record in the working papers of work done.
ii) Computer programs or audit software
These consist of computer programs used by the auditor to read magnetic files and to extract specified information from the files. They are also used to carry out audit work on the contents of the files. These programs are sometimes called enquiry or interrogation programs. They can be written by an audit firm or they can be bought from software houses. They have the advantage that they can be used to train unskilled staff.
Types of audit software
i) Package programs consist of prepared generalized programs for which the auditors will specify their detailed requirements by means of parameter or supplementary program code.
ii) Purpose written programs involve the auditors satisfying their detailed requirements by means of program code specifically written for the purpose.
iii) Utility programs consist of programs available for performing simple functions, such as sorting and printing data files.