Answer
CAAT (computer assisted audit technique), as it is commonly used, is the practice of analyzing large volumes of data looking for anomalies. A well designed CAAT audit will not be a sample, but rather a complete review of all transactions. Using CAAT the auditor will extract every transaction the business unit performed during the period reviewed. The auditor will then test that data to determine if there are any problems in the data. The CAAT auditor can easily look for duplicate vendors or transactions. When such a duplicate is identified, they can approach management with the knowledge that they tested 100% of the transactions and that they identified 100% of the exceptions.
Another advantage of CAAT is that it allows auditors to test for specific risks. For example, an insurance company may want to ensure that it doesn’t pay any claims after a policy is terminated. Using traditional audit techniques this risk would be very difficult to test. The auditor would “randomly select” a “statistically valid” sample of claims (usually 30-50.) They would then check to see if any of those claims were processed after a policy was terminated. Since the insurance company might process millions of claims the odds that any of those 30-50 “randomly selected” claims occurred after the policy was terminated is extremely unlikely. Even if one or two of those claims was for a date of service after the policy termination date, what does that tell the auditor?
Using CAAT the auditor can select every claim that had a date of service after the policy termination date. The auditor then can determine if any claims were inappropriately paid. If they were, the auditor can then figure out why the controls to prevent this failed. In a real life audit, the CAAT auditor noted that a number of claims had been paid after policies were terminated. Here is list of use of CAAT in brief:
• Recalculating and Verifying balances
• Testing compliance with standard
• Aging Analysis of receivables and payables
• Identifying control issue
• Testing Duplicates within data
• Testing gaps in invoice numbers