Beruflich Dokumente
Kultur Dokumente
Techniques
Hemang Doshi
CISA, ACA,DISA,FIII
Details about this E-Book:
The objective of this e-book is to ensure that CISA candidate get adequate knowledge of
various online auditing techniques. Following techniques are covered in this book:
-ITF
-SCARF
-Snapshot
-Audit hook
-CIS
Question Answer and Explanation (QAE) are designed in accordance with CISA exam
pattern. This small e-book will help CISA candidate to attempt questions on these
techniques more confidently and correctly.
-Auditor can enter dummy or test transactions and verify the processing and results of
these transactions for correctness.
-Processed results and expected results are compared to verify that systems are operating
correctly.
-Example: A dummy asset of $ 100000/- is entered into system to verify whether same is
being capitalized under correct head and depreciation is calculated properly as per correct
rate. Subsequently this dummy transaction is removed after verification of system
controls.
-In this technique an embedded (inbuilt) audit module is used to continuously monitor
transactions.
-SCARF files records only those transactions which are of special audit significance such
transactions above specified limit or transactions related to deviation/exception.
-On regular basis, auditor gets a printout of the SCARF file for examination and
verification.
Snapshot Technique
-In this technique, snaps (pictures) are taken of the transactions as transaction moves
through various stages in the application system.
-Both before -processing and after -processing images of the transactions are captured.
-Auditor can verify the correctness of the processing by checking before-processing and
after-processing images of the transactions.
-In this technique, three important considerations are (i)location where snaps to be taken
(ii)time of capturing snaps and (iii) reporting of snapshot data captured.
Audit Hook
-These are audit software that captures suspicious transactions.
-Criteria for suspicious transactions are designed by auditors as per their requirement.
-For example, in most of the organizations, cash transactions are monitored closely.
Criteria can be designed to capture cash transaction exceeding $ 50000/- All such captured
transaction are subsequently verified by auditor to identify fraud, if any.
-This technique can be used whenever the application system uses the database
management system (DBMS).
-DBMS reads the transaction which is passed to CIS. If transaction is as per selected
criteria, then CIS examines the transaction for correctness.
-CIS determines whether any discrepancies exist between the results it produces and those
the application system produces.
-As high complex criteria can be set in CIS, it is the best technique to identify transactions
as per pre-defined criteria.
When early detection of error or irregularities is required- answer has to be audit hook.
Best technique to identify transactions as per pre-defined criteria-answer has to be CIS.
Explanation: -In snapshot technique, snaps (pictures) are taken of the transactions as
transaction moves through various stages in the application system.
-Both before -processing and after -processing images of the transactions are captured.
-Auditor can verify the correctness of the processing by checking before-processing and
after-processing images of the transactions.
(2)Integrated test facility (ITF) has advantage over other automated audit tools because of
its following characteristics:
Explanation: In ITF, fictitious entity is created in LIVE environment. Auditor can enter
dummy or test transactions and verify the processing and results of these transactions for
correctness. Processed results and expected results are compared to verify that systems are
operating correctly. ITF does not verify system integration neither it is used to generate test
data. ITF does not validate the ongoing operation of the system.
(4) Management of an organisation is evaluating automated audit tool for its critical
business processes. Which of the following audit tools is MOST useful for the early
detection of errors or irregularities?
Explanation: The audit hook technique involves embedding code in application systems
for the examination of selected transactions. This helps the IS auditor to act before an error
or an irregularity gets out of hand. Audit hooks have very low complexity in designing
criteria and hence most useful tool when early detection is warranted.
(5)Which of the below online auditing tool would best identify transactions as per pre-
defined criteria?
A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM)
B. Continuous and Intermittent Simulation (CIS)
C. Integrated Test Facilities (ITF)
D. Audit hooks
Explanation:
As high complex criteria can be set in CIS, it is the best technique to identify transactions
as per pre-defined criteria. Continuous and Intermittent Simulation (CIS) is a moderately
complex set of programs that during a process run of a transaction, simulates the
instruction execution of its application. As each transaction is entered, the simulator
decides whether the transaction meets certain predetermined criteria and if so, audits the
transaction. If not, the simulator waits until it encounters the next transaction that meets
the criteria. Audits hooks which are of low complexity focus on specific conditions instead
of detailed criteria in identifying transactions for review. ITF is incorrect because its focus
is on test versus live data.
In ITF technique, auditor can enter dummy or test transactions and verify the processing
and results of these transactions for correctness. Processed results and expected results are
compared to verify that systems are operating correctly. Other options are not correct in
view of ITF characteristics.
(7) To identify excess inventory for the previous year, which online auditing technique can
be used?
A. Test data
B. Generalized audit software
C. Integrated test facility
D. Embedded audit module
Explanation: The IS auditor, using generalized audit software, could design appropriate
tests to identify excess inventory. Test data would not be relevant here as audit will be
required on actual data. ITF and EAM cannot detect errors for a previous period.