Question

26. Explain what is meant by ‘Computer Assisted Audit techniques (CAATs)’ and describe their major categories

Answer 1

Computer Assisted Audit Techniques (CAATs) is the tool which is used by the auditors. This tool facilitates them to make a search for the irregularities from the given data. With the help of this tool, the internal accounting department of any firm will be able to provide more analytical results. These tools are used throughout every business environment and also in the industry sectors too. With the help of Computer Assisted Audit Techniques, more forensic accounting with more analysis can be done. It’s really a helpful tool that helps the firm auditor to work in an efficient and productive manner.

The audit under CIS (Computer Information System) environment cannot be carried by traditional (manual) approaches, effectively. Since the processing of the transaction in CIS environment is fast and complicated, the audit must be carried out using computer-assisted audit techniques (CAAT). This requires a reasonably good amount of IT skills on part of the auditors

AUDIT APPROACH IN CIS ENVIRONMENT

There have been drastic changes in audit approaches and methodologies as a result of the emergence of CIS environment. The selection of one of the approaches depends upon the knowledge base expertise of Auditors. There are mainly two approaches for auditing in CIS environment that are explained as follows:

1. Black-box Approach (Auditing around the computer): In this approach, the auditor is mainly concerned about the Inputs fed-in by the client and the output generated by the system. The auditor completely ignores the internal processing of the Information System. For example, while testing payroll of a company, under black-box approach, the auditor may first find out the total monthly hours worked by selected employees from their respective time cards and then he may check the salary/wage rate from the rate card to find out the salary/wage payable to each employee. On the basis of above, the auditor ascertains his own output by comparing hours, rates, extensions, over-time & leaves. Finally, the auditor compares his own results with the system generated results. This approach may be enumerated with the help of the following flowchart: CIS Client’s Output Compare with Client’s Output CLIENT’s Input AUDITOR’s Predetermined Output The biggest advantage of auditing around the computer is the ease and simplicity, since the auditor does not require in-depth knowledge of system application program in order to perform his duties. On the contrary, a major disadvantage is that, under this approach, the auditor is completely ignorant about the internal processes of the system. Moreover, in order to generate certain complex reports, print-outs cannot be arranged to apply the audit procedures.

1. Auditor’s Output Compare with Client’s Output AUDITOR’s Input Client’s CIS & use of CAAT   White-Box Approach (Auditing through the computer): Under this approach, the auditor is not only concerned with the subject matter of the audit (i.e. inputs and outputs), but also with the internal processing of the computer system. This means to include various auditing with the help of Audit software and computer-aided audit techniques (CAAT).

The auditing through the computer requires the use of various audit software packages and some computer-assisted audit techniques. AUDIT SOFTWARE The use of CAAT allows the auditor to test the reliability and credibility of the clients’ information system, without being much dependent upon the clients’ software. Nowadays, there are a plenty of audit software options available with the auditor, with the help of which he can perform his audit independently and effectively. This audit software may include package programs, purpose-written programs, utility programs or system management program. These programs are explained as follows:

I. Package Programs:

a. these are generalized computer software packages.

b. These packages come with a lot of generalized features and utilities, which can be used at many clients’ site.

c. Since these software packages are highly generalized and are available across the globe, so one does not face any compatibility issues. Almost all the organization maintains a certain level of compatibility with these programs.

d. E.g. MS-Excel can be the most common example for such programs.

II. Purpose-written Programs:

a. these programs are created to perform specific natured audit task.

b. These packages are not available for sale in the open market. The auditor is required to get these programs developed.

c. The auditor may appoint some outside agency to develop the program on his behalf (outsourcing) or he may himself hire the programmers and get it built in-house. d. While choosing the purpose-written program option, the auditor must take into consideration, the cost related issues.

III. Utility Programs:

a. These programs are used to perform common data processing functions such as sorting; sampling; documenting; creating, emailing & printing files/reports, etc.

b. Although, these are not specifically designed for the audit purposes but can be extremely useful while performing the audit.

c. E.g. Acrobat’s Adobe Reader; Microsoft’s Office also consists of certain utility programs such as MS-Access, MS-Word, MS-PowerPoint, etc. IV. System Management Software: a. these software/programs are also not specifically meant for audit purpose. b. These are productive tools, meant to enhance the performance of the Operating System. c. E.g.: Disk Defragment, Task Manager, Task Scheduler, Disk Clean-up, etc. are some of the examples of system management software.