Audit dan EvaluasiTeknologi Informasi Sesi 6 MTI-CIO 2012
CAATTComputer-Assisted Audit Tools and Techniques• Increased productivity, complete routine tasks faster (24– 75%)• Reduced cost due• Improve consistency and focus more on signiﬁcant issues• Impractical or impossible tasks (manually) can be completed• Competitive advantage gained and client perception of the auditor, the ﬁrm, and quality of the services provided improved• Ability to cope with diﬃcult tasks without corresponding staﬀ increases
Tool Categories• General Automation and data processing – Audit productivity tools that help auditors to reduce the amount of time spent on administrative tasks by automating the audit function and integrating information gathered as part of the audit process• Specific Auditing tools – Computer-assisted audit tools (CAATs) that help auditors evaluate application controls, and select and analyze computerized data for substantive audit tests
Audit Process Activities• Planning and tracking the annual audit schedule using spreadsheets, database, and project management software• Documentation and presentations using word processing, ﬂowcharting, and graphics software• Communication and data transfer using electronic connectivity and a centralized server• Resource management using online work papers review and e-mail• Data management using database, groupware, and intranet software
Audit Planning and Tracking• Risk assessment, audit schedule preparation and tracking, and budget preparations are necessary tasks in audit planning.• Spreadsheets or database software can be used to record risk values, develop an “ audit universe,” and prepare a budget. Project management software can be used to schedule audits and track the current status. Each of these solutions is a standalone. An integration may not even be possible. Because planning tasks are interdependent, an integrated application would provide quicker update and ensure that all phases of planning are kept in sync. – For example, the budget should provide suﬃcient costs to accomplish the audit schedule, or the audit schedule should not exceed the resources available.
Documentation and Presentations• A use of packages such as Oﬃce Suite provides “ cut and paste” and linking functionality.• These features facilitate the creation of consistent, accurate documents. – For example, spreadsheet data containing functional testing results can be incorporated into a report document with a few clicks of a mouse. As same data can then just as easily be copied to a presentation slide and also be “linked,” so that changes to the source documents will be reﬂected in any of the related documents.• Software suite functionality saves time and ensures consistency and accuracy.
Groupware• Groupware is a specialized tool or assembly of compatible tools that enables business teams to work faster, share more information, communicate more eﬀectively, and do a better job of completing tasks. Groupware systems vary greatly. Today, we are seeing desktop conferencing, videoconferencing, coauthoring features and applications, e -mail and b-boards, meeting supports systems, paging and voice applications, workﬂow systems, and group and subgroup calendars as examples of groupware products and support systems.
Auditor Skills• Requirement to use computer-assisted auditing techniques lies in understanding and applying the appropriate audit functions.• By way of illustration, four broad categories of computer auditing functions can be identiﬁed: – Items of audit interest – Audit mathematics – Data analysis • Histogram • Modeling • Comparative Analysis – System validation
Flowcharting as an Analysis Tool• A method for identifying and evaluating control strengths and weaknesses within a system under examination. It can be time consuming to build an understanding of strengths and weaknesses within a system to be audited.• Evaluation of a number of elements of a system: – Quality of system documentation – Adequacy of manual or automated controls over documents – Eﬀectiveness of processing by computer programs (i.e., whether the processing is necessary or redundant and whether the processing sequence is proper) – Usefulness of outputs including reports and stored ﬁ les• Steps followed in the development of ﬂowcharts and their use as audit evaluation tools include – Understanding how data is processed by computers – Identifying documents and their flow through the system – Deﬁning critical data – Developing audit data ﬂow diagrams – Evaluating the quality of system documentation – Assessing controls over documents – Determining the eﬀectiveness of processing under computer programs – Evaluating the usefulness of reports
Deﬁning Critical Data• An auditor must build a clear understanding of the data being recorded within the system under study. Therefore, the individual elements of data must be deﬁned. Titles can be deceptive. – For example, is a cost derived from the current period or is it cumulative? Is the cost accrued or incurred? What are the components of a cost? Has the composition of cost changed during the ﬁscal periods under review?
• Determining the Effectiveness of Processing under Computer Programs• A e audit staﬀ should identify any problem areas in the processing cycle including but not limited to• Redundant processing of data or other forms of duplication• Bottlenecks that delay processing• Points i n t he o perating c ycle at w hich c lerks do n ot h ave en ough t ime to re view o utput• reports and make corrections• Evaluating the Usefulness of Reports• A e aud it s taﬀ sh ould re view t he k ey o r m ajor o utputs ( such a s e dit l istings, er ror l istings, a nd• control of hours listings) of the application system and determine if the outputs are• Accurate• Usef ul a s i ntended• A e auditor should conﬁ rm ﬁ ndings by interviewing t he users of t he output reports. One appropriate• te• chnique m ight b e t he c ompletion o f a q uestionnaire o r su rvey, p erhaps c onducted b y• e-mail on user satisfaction with output reports.
System Validation• System validation is a method for testing the reliability of programs through simulation with either the test data or actual data. With parallel simulation techniques, the auditor may be able to satisfy both compliance and substantive testing needs in one process.
Generalized Audit Software• Use of generalized audit software makes it possible to perform required functions directly on application ﬁles. Audit software can be used to: – Analyze and compare ﬁles – Select speciﬁc records for examination – Conduct random samples – Validate calculations – Prepare conﬁrmation letters – Analyze aging of transaction ﬁles – IT auditors can also use the same software tools as the programming staﬀ or additional tool s used
Application Testing• Once controls have been identiﬁed, the next step in an audit is to verify the control’s eﬀectiveness. This can be accomplished by submitting a set of test data that will produce known results if the application functions properly.• Evaluating the results of the application• In any case, the auditor will need to understand the processing logic of the application to simulate the application or evaluate the application’s results.• Database controls – Access rights
Other (Online) CAATs• Webmetrics: – Web Static Analyzer Tool (Web SAT), Web Category Analysis Tool (WebCAT), Web Visual Instrumenter Program (WebVIP), VISVIP, FLUD, FLUDViz Tool, and TreeDec.• Manually checking that all posted data is current will be time consuming. Discovering broken links, missing pages, and page components manually are almost impossible.• Webmetrics provided by Information Technology Laboratory (ITL) of National Institute of• Standards and Technology (NIST) is one of t he CAATs that can assist IT auditors in evaluating the usability of a Web site. – Reduces the time to complete audit analysis, test, and reports – Increases audit coverage by reducing the amount of time spent on manual processes – Provides quality audit services by having a standard set of audit tools and procedures – Leverages the knowledge gathered as a result of audit projects to provide immediate metric/data quality feedback to management• Benefits – Reduced advertising costs – Equal access to new markets – Increased sales – More opportunity for niche marketing – Reduced delivery cost for goods that can be delivered electronically
Example Tools (Non-Commercial)Infrastructure (network) related auditing tools• Open-AudIT• OCS Inventory NG
CAAT Example• OCS Inventory NG Global Diagram (http://www.ocsinventory-ng.org)
CAAT Integration Example• Global diagram detailed how OCS can be integrated in a complex network architecture.
TugasDari berkas “Understanding Fraud and Corruption”• Pertanyaan-pertanyaan yang harus dijawab: – Jelaskan perbedaan Fraud dan Corruption – Definisikan Fraud – Definisikan Corruption menurut ADB 1998 – Sebutkan 7 elemen Fraud and Corruption – Sebutkan 15 jenis Fraud and Corruption beserta definisinya – Sebutkan daftar perilaku korup (12 item) – Apa penyebab Fraud and Corruption?
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.