Computer-aided audit tools

From Wikipedia, the free encyclopedia
  (Redirected from Computer Aided Audit Tools)
Jump to: navigation, search

'Computer-assisted audit techniques (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the audit profession. CAATs is the practice of using computers to automate the audit processes. CAATs normally includes using basic office productivity software such as spreadsheet, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available (see below).

CAATs have become synonymous with data analytics in the audit process.

Traditional auditing vs CAATs[edit]

Traditional audit example[edit]

The traditional method of auditing allows auditors to build conclusions based upon a limited sample of a population, rather than an examination of all available or a large sample of data. The use of small samples may diminish the validity of audit conclusions. Management realizes that they conduct thousands or perhaps millions of transactions a year and the auditor only sampled a handful. The auditor will then state that they conducted the sample based upon generally accepted audit standards (GAAS) and that their sample was statistically valid.

Another common criticism of the audit profession occurs after a problem emerges. Whenever a problem emerges within a department, management might ask, "Where were the auditors?" This is a futile question, because nobody can see beyond the present.

CAATTs alternative[edit]

CAATTs, not CAATs, addresses these problems. CAATTs, as it is commonly used, is the practice of analyzing large volumes of data looking for anomalies. A well designed CAATTs audit will not be a sample, but rather a complete review of all transactions. Using CAATTs the auditor will extract every transaction the business unit performed during the period reviewed. The auditor will then test that data to determine if there are any problems in the data. For example, using CAATTs the auditor can find invalid Social Security Numbers (SSN) by comparing the SSN to the issuing criteria of the social security administration. The CAATTs auditor could also easily look for duplicate vendors or transactions. When such a duplicate is identified, they can approach management with the knowledge that they tested 100% of the transactions and that they identified 100% of the exceptions.

Traditional audit vs CAATTs on specific risks[edit]

Another advantage of CAATs is that it allows auditors to test for specific risks. For example, an insurance company may want to ensure that it doesn't pay any claims after a policy is terminated. Using traditional audit techniques this risk would be very difficult to test. The auditor would "randomly select" a "statistically valid" sample of claims (usually 30–50.) They would then check to see if any of those claims were processed after a policy was terminated. Since the insurance company might process millions of claims the odds that any of those 30–50 "randomly selected" claims occurred after the policy was terminated is extremely unlikely.

Using CAATTs the auditor can select every claim that had a date of service after the policy termination date. The auditor then can determine if any claims were inappropriately paid. If they were, the auditor can then figure out why the controls to prevent this failed. In a real life audit, the CAATTs auditor noted that a number of claims had been paid after policies were terminated. Using CAATTs the auditor was able to identify every claim that was paid and the exact dollar amount incorrectly paid by the insurance company. Furthermore, the auditor was able to identify the reason why these claims were paid. The reason why they were paid was because the participant paid their premium. The insurance company, having received a payment, paid the claims. Then after paying the claim the participant's check bounced. When the check bounced, the participant's policy was retrospectively terminated, but the claim was still paid costing the company hundreds of thousands of dollars per year.

Which looks better in an audit report:

"Audit reviewed 50 transactions and noted one transaction that was processed incorrectly"

or

"Audit used CAATTs and tested every transaction over the past year. We noted XXX exceptions wherein the company paid YYY dollars on terminated policies."

However, the CAATTs driven review is limited only to the data saved on files in accordance with a systematic pattern. Much data is never documented this way. In addition saved data often contains deficiencies, is poorly classified, is not easy to get, and it might be hard to become convinced about its integrity. So, for the present CAATTs is complement to an auditor's tools and techniques. In certain audits CAATTs can't be used at all. But there are also audits which simply can't be made with due care and efficiently without CAATTs.

Specialized software[edit]

In the most general terms, CAATTs can refer to any computer program utilized to improve the audit process. Generally, however, it is used to refer to any data extraction and analysis software. This would include programs such as data analysis and extraction tools, spreadsheets (e.g. Excel), databases (e.g. Access), statistical analysis (e.g. SAS), business intelligence (e.g. Crystal Reports and Business Objects), etc.

Benefits of audit software include:

  • They are independent of the system being audited and will use a read-only copy of the file to avoid any corruption of an organization’s data.
  • Many audit-specific routines are used such as sampling.
  • Provides documentation of each test performed in the software that can be used as documentation in the auditor’s work papers.

Audit specialized software may perform the following functions:

Other uses of CAATs[edit]

In addition to using data analysis software, the auditor uses CAATs throughout the audit for the following activities while performing data analysis:

Creation of electronic work papers[edit]

Keeping electronic work papers on a centralized audit file or database will allow the auditor to navigate through current and archived working papers with ease. The database will make it easier for auditors to coordinate current audits and ensure they consider findings from prior or related projects. Additionally, the auditor will be able to electronically standardize audit forms and formats, which can improve both the quality and consistency of the audit working papers.

Fraud detection[edit]

CAATs provides auditors with tools that can identify unexpected or unexplained patterns in data that may indicate fraud. Whether the CAATs is simple or complex, data analysis provides many benefits in the prevention and detection of fraud.

CAATs can assist the auditor in detecting fraud by performing and creating the following,

Analytical tests[edit]

Evaluations of financial information made by studying plausible relationships among both financial and non-financial data to assess whether account balances appear reasonable (AU 329). Examples include ratio, trend, and Benford's Law tests.

Data analysis reports[edit]

Reports produced using specific audit commands such as filtering records and joining data files.

Continuous monitoring[edit]

Continuous monitoring is an ongoing process for acquiring, analyzing, and reporting on business data to identify and respond to operational business risks. For auditors to ensure a comprehensive approach to acquire, analyze, and report on business data, they must make certain the organization continuously monitors user activity on all computer systems, business transactions and processes, and application controls.

Curb stoning in surveys[edit]

Curb stoning is the term for instances where a surveyor completes a survey form by making up data. Because some of the data should conform with Benford's law, this practice can be detected using CAATTs which provide the capability of performing such tests.

Note on the acronyms CAATTs vs CAATs[edit]

CAATTs and CAATs are used interchangeably. While CAATs has emerged as the more common spelling, CAATTs is the more precise acronym. The acronym CAATTs solves one of the two problems with defining the acronym. CAATs means:

Computer Aided (or Assisted) Audit Techniques (or Tools and Techniques)

The first "A" and the "T" can have two different meanings depending on who uses the term. By using the term CAATTs, one is clearly incorporating both "Tools" AND "Techniques."

Comparison of tools[edit]

Comparison by specification[edit]

Product Name / Brand Developed by Latest stable version Latest release date OS Software license Open source Comments
Arbutus Analyzer Arbutus Software 5.5 2013-03-31 Windows Proprietary commercial No
Audit Command Language (ACL) ACL Services Ltd. 10.5 2013-11-19 Windows Proprietary commercial No Starting 2014 provide a free Excel add-in
ESKORT Computer Audit (SESAM) Intrasoft International Scandinavia A/S 7.8[1] 2014-03-05 Windows Proprietary commercial No Requires Excel for showing graphs and result of Benford law analysis.
Interactive Data Extraction and Analysis (IDEA) CaseWare International Inc. 9.1[2] 2013-03-04 Windows Proprietary commercial No
TopCAATs Reinvent Data Ltd 3.0.2 2013-09-06 Windows Proprietary commercial No Requires Microsoft Excel (TopCAATs is an Excel add-in)

Comparison by analysis features[edit]

The following table compares features of specialized computer-aided audit tools. The table has several fields, as follows:

  1. Product Name: Product's name; sometime includes edition if a certain edition is targeted.
  2. Age analysis: Specifies whether the product supports making age analysis (stratification by date).
  3. Benford's law: Specifies whether the product supports finding abnormal distribution of specific digits accordingly to Benford's law.
  4. Calculated field: Specifies whether the product supports adding extra calculated fields into the table/file. Usually implies using an expression builder feature to build up expressions for defining the field calculation.
  5. Drill-down (Table): Specifies whether the product supports drill-down features by zooming in (filtering) on selected rows in the table.
  6. Drill-down (Pivot): Specifies whether the product supports drill-down features through pivot table.
  7. Matching: Specifies whether the product supports finding matching items for a specific field in a table/file. For example, this could be used to find duplicate billings of invoices within the sales ledger.
  8. Matching (Fuzzy): Specifies whether the product supports finding matching items for a specific field using fuzzy comparison. For instance, values compared are similar but not exactly the same (e.g., using Levenshtein matching).
  9. Sample (Random): Specifies whether the product supports selecting a random sample of rows from the table/file (population).
  10. Sample (Monetary unit): Specifies whether the product supports selecting a monetary unit sample of rows from the table/field (population). This is also known as dollar-unit sampling (when values are in U.S. currency).
  11. Sequence check (Gap): Specifies whether the product supports can find (identify) gabs (in sequences) for a specific field. For example, finding a broken sequence in an invoice number sequence.
  12. Sort field: Specifies whether the product supports sorting (indexing) by a specific field (column). Sorting helps identifying blank/empty values or excessive (out-of-band) values.
  13. Sort multiple fields: Specifies whether the product supports sorting by multiple fields (columns).
  14. Statistics: Specifies whether the product supports calculation and presentation of various statistics on a specific field (e.g., for a numeric fields values such as total number of positive numbers, total number negative numbers, average value (balance), etc.)
  15. Stratification: Specifies whether the product supports stratification on number (amount) values in specified intervals. Splits the population into strata (intervals) and aggregates (summarizes) values. Can be used to find largest, smallest and average amount transactions (rows).
  16. Total row: Specifies whether the products supports displaying a total row for the table/file, e.g. accumulated numerical value.
Product Name Age Analysis Benfords Law Calculated field Drill-down (Table) Drill-down (Pivot) Matching Matching (Fuzzy) Sample (Random) Sample (Monetary unit) Sequence Check (Gap) Sort field Sort multiple fields Statistics Stratification Total row
Analyzer - Arbutus Software Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Audit Command Language (ACL) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
ESKORT Computer Audit (SESAM) No Yes Yes Yes No Yes No Yes Yes Yes Yes Yes Yes Yes Yes
Interactive Data Extraction and Analysis (IDEA) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
TopCAATs Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Comparison by other features[edit]

  1. Audit log: Specifies whether the product logs activity performed by the user (the auditor) for later reference (e.g., inclusion into audit report).
  2. Data graph: Specifies whether the product provides graphs of results.
  3. Export (CSV): Specifies whether the product support exporting selected rows to a comma-separated values formatted file. Usually also implies capability to the clipboard (in CSV format) for pasting into applications supporting pasting from CSV files such as Excel.
  4. Export (DBF): Specifies whether the product support exporting (saving) selected rows to a dBase Table file.
  5. Export (Excel): Specifies whether the product support exporting (saving) selected rows to an Excel file. Usually also implies capability to copy the rows to the clipboard (in some format) for pasting into Excel.
Product Name Audit log Data graph Export (CSV) Export (DBF) Export (Excel)
Analyzer - Arbutus Software Yes Yes Yes Yes Yes
Audit Command Language (ACL) Yes Yes Yes Yes Yes
ESKORT Computer Audit (SESAM) Yes Yes Yes Yes Yes
Interactive Data Extraction and Analysis (IDEA) Yes Yes Yes Yes Yes
TopCAATs Yes Yes Yes No Yes

Comparison by data preparation features[edit]

  1. Append/Merge: Specifies whether the product can combine two tables/files with identical fields into a single table/file. For example it could be doing a merge of two years of accounts payable tables/files into a single table/file.
  2. Import wizard: Specifies whether the product provides an import wizard to assist in importing (interpretation, conversion, formatting) data for analysis.
  3. Import (CSV): Specifies whether the product supports import data from a comma-separated values formatted file.
  4. Import (DBF): Specifies whether the product supports import data from dBase DBF files.
  5. Import (Excel): Specifies whether the product supports import data from Microsoft Excel workbook file. Note that different Excel format versions may apply.
  6. Import (SAF-T): Specifies whether the product supports import data from an OECD SAF-T file. As SAF-T is based on XML a more general XML import may cover the feature although direct SAF-T import improves the user experience. Note that different SAF-T format versions may apply.
  7. Import (SIE): Specifies whether the product supports import data from a SIE format file.
  8. Import (XBRL-GL): Specifies whether the product supports import data from a XBRL GL file. As XBRL-GL is based on XML a more general XML import may cover the feature although direct XBRL-GL import improves the user experience. Note that different XBRL-GL format versions may apply.
Product Name Append/Merge Import wizard Import (CSV) Import (DBF) Import (Excel) Import (SAF-T) Import (SIE) Import (XBRL-GL)
Analyzer - Arbutus Software Yes Yes Yes Yes Yes Yes Yes Yes
Audit Command Language (ACL) Yes Yes Yes Yes Yes ? ? Yes
ESKORT Computer Audit (SESAM) Yes Yes Yes Yes Yes No Yes No
Interactive Data Extraction and Analysis (IDEA) Yes Yes Yes Yes Yes[2] Yes Yes Yes
TopCAATs Yes Yes Yes Yes Yes Yes ? Yes

See also[edit]

External links[edit]

References[edit]

  • Information Technology Control and Audit; Frederick Gallegos, Sandra Senft, et al.; 2nd Edition ISBN 0-8493-2032-1
  • Internal Audit: Efficiency through Automation; David Coderre.; 1st Edition ISBN 978-0-470-39242-3
  1. ^ ""SESAM 7.8"". 2013-03-06. Retrieved 2014-03-12. 
  2. ^ a b "IDEA Version 9.1". Retrieved 9 May 2013.