2. What is CAATT
➔ Computer Assisted Audit Tools and Techniques (CAATTs) are used to test application
controls and to extract data.
➔ CAATTs are used to test application logic; the results are then examined. There are five CAATT
approaches:
★ The Test Data Method
★ Base Case System Evaluation
★ Tracing
★ Integrated Test Facility
★ Parallel Simulation
3. Application Control
➔ Designed to deal with potential exposures.
➔ Input data is accurate, complete, authorized and correct.
➔ Ensures that data is processed as intended in an acceptable time period.
➔ Maintains a record of processed data from input to storage.
➔ Outputs are accurate and complete. Application controls fall into three categories:
★ Input Control
★ Processing Control
★ Output Control
4. Input Control
➔ Input controls are designed to ensure that transactions are valid, accurate, and
complete.
➔ Input controls are used to check the integrity of data entered into a business application.
➔ Checks ensure that the data remains within specified parameters.
➔ Data input procedures can be either source document-triggered (batch) or direct input
(real time).
➔ Input control employs real-time editing techniques to identify and correct errors.
5. Classes of Input Control
➔ Input Controls are designed to make sure
transactions are true, complete, and accurate.
➔ Procedures for entering data can be either
source document-triggered (batch) or direct
input (real-time).
➔ Input controls will vary in terms of quality and
complexity depending on the application
program.
➔ There are six classes used in Input control
(Refer Fig)
6. Validation During Data Input Control
➔ Systems using real-time processing or batch processing.
➔ Batch processing with sequential files
➔ For additional processing each processing module prior to updating master file.
➔ Error handling procedures.
There are three input validation controls:
★ Field Interrogation
★ Record Interrogation
★ File Interrogation.
7. Processing Control
● Processing controls provide an automated means of ensuring that processing is
complete, accurate, and authorized.
● After passing through the data input stage, transactions enter the processing
stage of the system.
8. Run-To-Run Controls
➔ Used to monitor the batch as it moves from one programmed procedure to another.
➔ Ensures that each run in the system processes the batch correctly and completely.
➔ Uses of run-to-run controls
★ Recalculate Control Totals.
★ Transaction Codes.
★ Sequence Checks.
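The three run-to-run checks listed above, applied to one batch as it passes between runs. This is an added example, not part of the original slides; the batch layout, field names, allowed codes and sample records are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data: the control record written when the batch was created.
CONTROL = {"record_count": 4, "amount_total": Decimal("1850.00"), "hash_total": 40410}
ALLOWED_CODES = {"SALE", "RETURN"}  # transaction codes this run may process (assumed)

BATCH = [  # constructed batch as it should arrive at the next run
    {"seq": 1, "account": 10101, "code": "SALE", "amount": Decimal("500.00")},
    {"seq": 2, "account": 10102, "code": "SALE", "amount": Decimal("250.00")},
    {"seq": 3, "account": 10103, "code": "RETURN", "amount": Decimal("1000.00")},
    {"seq": 4, "account": 10104, "code": "SALE", "amount": Decimal("100.00")},
]
# Same batch after a faulty run: record 4 lost, records 2 and 3 swapped,
# and one record carrying a code this run must not process.
DAMAGED = [BATCH[0], BATCH[2], dict(BATCH[1], code="PAYROLL")]

def run_to_run_check(records, control, allowed_codes):
    """Return (check, detail) exceptions; an empty list lets the batch proceed."""
    found = []
    # 1. Recalculate control totals and compare with the batch control record.
    actual = {
        "record_count": len(records),
        "amount_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["account"] for r in records),  # non-financial hash total
    }
    for name, value in actual.items():
        if value != control[name]:
            found.append((name, f"expected {control[name]}, got {value}"))
    # 2. Transaction codes: only the types this run is meant to handle.
    for r in records:
        if r["code"] not in allowed_codes:
            found.append(("transaction_code", f"seq {r['seq']}: {r['code']}"))
    # 3. Sequence check: keys must be strictly ascending.
    for prev, cur in zip(records, records[1:]):
        if cur["seq"] <= prev["seq"]:
            found.append(("sequence", f"seq {cur['seq']} follows {prev['seq']}"))
    return found

if __name__ == "__main__":
    print("clean batch:", run_to_run_check(BATCH, CONTROL, ALLOWED_CODES))
    for check, detail in run_to_run_check(DAMAGED, CONTROL, ALLOWED_CODES):
        print(f"EXCEPTION {check}: {detail}")
```

The hash total catches a lost or substituted record even when the financial total happens to balance, which is why it is kept alongside the amount total.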
9. Operator Intervention & Audit Trail Controls
➔ Systems sometimes require
operator intervention to initiate
certain actions.
➔ Operator intervention increases
the potential for human error.
➔ Preserving the audit trail plays a vital role
in process control.
➔ These controls help retain a record of every
transaction made in the system, from its
source to the end of reporting.
Techniques used to preserve audit trails:
★ Transaction logs.
★ Log of Automatic Transactions
★ Listing of Automatic Transactions
★ Unique Transaction Identifiers
★ Error Listing.
10. Output Controls
➔ The function of output controls is
to ensure that all the data fed to
the application system is
processed.
➔ These controls should also ensure that the
privacy of the output data is not violated,
as a violation could cause a huge loss to the
organisation.
Types of Output Controls
★ Controlling Batch Systems Output
★ Controlling Real-Time Systems Output
11. Controlling Batch Systems Output
➔ Batch systems produce output as
hard copy, which requires
intermediaries in its production
and distribution.
➔ There are different stages of the
output process (refer fig)
12. Controlling Real-Time Systems Output
➔ In real-time systems, the output is passed directly to the end user's output screen (e.g.,
the end user's printer or computer screen/terminal).
➔ The major drawback of this type is loss of or damage to data on the communication link, or data
exposed by equipment failure.
A solution for this could be the use of Hamming codes and encryption/decryption techniques.
13. Testing Computer Application Controls
These controls are designed to provide information about the accuracy and completeness
of an application system.
The two most important approaches for auditing computer applications are:
i. Black-Box Approach
ii. White-Box Approach
14. Black-Box Approach
➔ Auditors using the black-box
approach do not concern themselves
with how the application works in
detail or with its internal logic.
➔ They tend to concentrate more
on flowchart diagrams of
how the system works, or on
understanding the characteristics of
the system.
15. White-Box Approach
➔ The white box (through the computer) approach relies on an in-depth understanding of the
internal logic of the application being tested.
➔ The white box approach includes several techniques for testing application logic directly.
Typically these involve the creation of a small set of test transactions to verify specific
aspects of an application’s logic and controls.
➔ The types of tests involved in the white-box approach are:
◆ Authenticity Tests
◆ Accuracy Tests
◆ Completeness Tests
◆ Redundancy Tests
◆ Access Tests
◆ Audit Trail Tests
◆ Rounding Error Tests
16. CAATT for Testing controls
➔ Computer Aided Audit Tools and Techniques (CAATT) is the practice of using computers to
automate IT audit processes. CAATT usually includes basic office productivity software
such as spreadsheets, word processors and text editing.
➔ The different approaches discussed in this chapter are as follows:
★ Test Data method (includes Creating Test Data, Base Case System Evaluation and Tracing)
★ Integrated Test Facility
★ Parallel Simulation
17. The Test Data Method
This approach processes test input data
through the application under review.
The results are compared with
predetermined values to obtain an
objective evaluation of the
application's logic.
18. Base Case System Evaluation & Tracing
When the set of test data in use is
comprehensive, the technique is called
the base case system evaluation (BCSE).
BCSE tests are conducted with a set of
test transactions containing all possible
transaction types. These are processed
through repeated iterations during
systems development testing until
consistent and valid results are
obtained.
The tracing technique performs an electronic
walkthrough of the application's internal
logic. It involves the following steps:
➔ The application is compiled to activate
the trace option.
➔ Test data is created from specific
transactions.
➔ The test data transactions are traced
through all processing stages of the
program.
19. Integrated Test Facility (ITF)
The Integrated Test Facility (ITF)
approach is an automated
technique that enables an
auditor to test an
application's logic and
controls during its ongoing
operations.
20. Parallel Simulations
This approach requires the auditor to create a simulation program (with the key feature logic and
processes) that is similar to the actual program. The transactions are then fed to it, and the resulting
simulation output is compared with the actual production output.
When using this approach, a few questions arise, such as: how is a simulation program created?
➔ The simulation program is a dummy program built for one-time use, and it can be
written in any programming language.
➔ The auditor must understand the complete logic and current documentation of the application program
under review, and creates a simulator program, called Generalized Audit Software (GAS).
➔ The auditor feeds the GAS with the actual transactions to obtain results, which are then compared with
the actual production results.
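A small parallel simulation in Python, as an added example that is not part of the original slides: the auditor's program re-implements one piece of key logic, runs the actual transactions through it and reconciles the result with production output. The discount rule, field names and sample data are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed sample data: actual transactions from the period under review.
TRANSACTIONS = [
    {"id": "T001", "qty": 10, "unit_price": Decimal("19.99")},
    {"id": "T002", "qty": 60, "unit_price": Decimal("20.00")},
    {"id": "T003", "qty": 3, "unit_price": Decimal("333.35")},
    {"id": "T004", "qty": 1, "unit_price": Decimal("5.00")},
]
# Constructed production output for the same period (invoice total per id).
PRODUCTION = {
    "T001": Decimal("199.90"),
    "T002": Decimal("1200.00"),   # discount not applied by production
    "T003": Decimal("950.05"),
    "T005": Decimal("75.00"),     # no matching input transaction
}

def simulate(txn):
    """Auditor's re-implementation of the key logic (assumed rule:
    5% discount on orders of 1000.00 or more, rounded half-up to cents)."""
    gross = txn["qty"] * txn["unit_price"]
    if gross >= Decimal("1000.00"):
        gross *= Decimal("0.95")
    return gross.quantize(CENT, rounding=ROUND_HALF_UP)

def compare(transactions, production):
    """Run every transaction through the simulation and reconcile the
    result with production output, in both directions."""
    report = {"mismatch": [], "missing_in_production": [], "unsupported": []}
    seen = set()
    for txn in transactions:
        seen.add(txn["id"])
        expected = simulate(txn)
        if txn["id"] not in production:
            report["missing_in_production"].append(txn["id"])
        elif production[txn["id"]] != expected:
            report["mismatch"].append((txn["id"], expected, production[txn["id"]]))
    # Production results with no input behind them also need explaining.
    report["unsupported"] = sorted(set(production) - seen)
    return report

if __name__ == "__main__":
    for finding, items in compare(TRANSACTIONS, PRODUCTION).items():
        print(finding, items)
```

A mismatch does not by itself show which side is wrong; each difference is followed up against the application's documentation before it is reported as a control failure.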