Answer
Major techniques of concurrent audit of Information system are discussed below:
(1) Integrated test facility technique places a small set of fictitious records in the master file. Processing test transactions to update these dummy records will not affect the actual records. Because fictitious and actual records are processed together employees remain unaware that this testing is taking place. The auditor compares processing and expected results in order to verify that the system and its controls are operating correctly.
(2) The snapshot technique examines the way transactions are processed. Selected transactions are marked with a special code that triggers the snapshot process. Audit modules in the program record these transactions and their master file records before and after processing. Snapshort data are recorded in a special file and reviewed by the auditor.
(3) SCARF (System control audit review file) uses embedded audit modules to continuously monitor transaction activity and collect data on transactions with the special audit significance. The data are recorded in a SCARF file or audit log. Transactions that might be recorded in a SCARF file include those exceeding a specified rupee limit. Periodically the auditor examines the information to identify any questionable transactions.
(4) Auditor hooks: These are audit routines that flag suspicious transactions. For example, an Insurance company determined that their policy holder systems was vulnerable to fraud each time a policy holder changed his name or address and subsequently withdraw money. Internal auditor of the company devised a system of audit hooks to log records with a name or address change whenever a policy holder changed his name or address and then subsequently
withdraw funds from the policy. When audit hooks are employed auditors can be informed of questionable transactions as soon as they occur.
(5) Continuous and intermitted simulation (CIS): This embeds an audit module in a data base management system. The CIS module examines all transactions that update the DBMS using criteria similar to those of SCARF. If a transaction has special audit significance the module independently processes the date, records the results and compares them with DBMS results. In case of discrepancies, the details are written onto an audit log for subsequent investigation.