CAATs for test of controls and audit procedures

How can IS Auditor and management take advantage during an evaluation of the business processes and/or audit procedures through the use of Computer Assisted Audit Techniques as part of the financial audit procedures and test of controls place in operations.

Agenda

• Course Objectives• What is a CAAT?• Why Use CAAT Tests• Types of Data Analysis/CAATs• Basic CAAT Techniques• Data Analysis Methodology• Factors Affecting the Reliability• Test of Controls (SOX, SAS 99, ITGC, Compliance)• Substantive Testing (Payroll, A/R, A/P and Inventory)• Examples• Benefits

Presented by: Juan C. Rego

Course Objectives

At the end of this course you will:

• Understand what is a CAAT.• Understand types of CAATs and techniques.• Understand Data Management Methodology.• Understand CAATs benefits.

A CAAT is the use of a software application or an extract of data to search for and identify trends, exceptions errors, or indications of potential fraud by comparing and analyzing files according to criteria established by the auditor or management. These applications may be purchased packages, such as ACL, Access, Monarch, Excel or embedded report writers that are available with a related business application. This automated testing capability replaces traditional manual searches, tests or samples. From the output generated from the CAAT, an auditor or management can review or test an entire population, at a level of coverage that would not be possible under manual testing methods.

CAATS enable auditors and management to perform many, varied testing routines such as recalculating and verifying balances, identifying control issues, testing for compliance with standards, aging and analyzing accounts receivables/payables or any other time sensitive transactions, testing for duplicate payments, and gaps in invoice numbers, etc. CAATs can increase the effectiveness of an auditor’s or management’s work by impacting the depth of the auditor’s or management’s analysis and understanding because data tells the story!

What is a CAAT?

Why Use CAAT Tests

Validate financial reports and informationIncreased report flexibility and choicesMerge files (e.g. inventory and sales, across business units)Independent of financial system prepared reportsIncrease efficiency and effectiveness of audit testing

- focus – transaction types, trends etc- scope – all data, all systems, all locations- risk management – better transaction information

Types of Data Analysis/CAATs

Substantive Testing• Examine transactions and records to gain assurance over

accounting and propriety of an account• Use CAATs to select a targeted sample (absolute value, outliers,

trend analysis)Compliance

• May not be able to test all controls using standard compliance testing procedures

Analytical Review• Compare balances/ratios between accounting periods – often

performed manually but CAATs enables more sophisticated and complex factors to be included

Value-for-Money Studies• Many CAATs opportunities – slow moving inventory, items past

shelf life, receivables over two years old etc. Use to examine areas where value for money appears at risk or a company bears financial risk.

Basic CAAT TechniquesData File Interrogation− Select records that meet certain criteria (age, source,

amount, etc)− Select records for detailed examination− Run report totals and sub-totals from accounting files− Population stratification− Search for duplicate transactions

− Compare contents of two files (Matches where none should occur)

− Sort and merge files in preparation for other audit tests− Parallel simulation (e.g. interest calculations)

Embedded Audit Modules- An audit application permanently resident in the processing

system (typically high volume)- Select transactions that meet a range of criteria defined by

management and/or auditor.

Using Audit Software - Methodology

Refine Data Request

Audit Objectives

Identify Data

Request Data

Run Test CAATS

Test Results

Good CAAT Reports

Run CAATS

Poor

Document Results

Reporting

Data Analysis Methodology

PLANNING

Decision Factors for Using CAATs

When planning the audit, the IS Auditor should consider an appropriate combination of manual techniques and CAATs. In determining whether to use CAATs, the factors to be considered include:

■ Computer knowledge, expertise, and experience of the IS Auditor■ Availability of suitable CAATs and IS facilities■ Efficiency and effectiveness of using CAATs over manual Techniques ■ Time constraints■ Integrity of the information system and IT environment■ Level of audit risk

Chart

Identify Data

Meet with the owner of the data and the application programmer. Based upon the objectives of the audit or analysis, determine the best data sources and the key fields or data elements that are required by the auditor.

Obtain the name and phone information of the programmer or system analyst, and a copy of the data dictionary and other documentation for the application system.

Chart

Request the data

Prepare a formal request for the required data, specifying:

• The data source and key fields

• When the data will be needed

• The timing of the data (for example as of Mar 31, 2006

• The data transfer format (CD-ROM, FTP, Tape)

• The data format (DBF, Delimited, Flat file, ODBC, ASCII, EBCDIC)

• Control Totals (number of records, key numeric field totals)

• Record layout (field name, start position, length, type, description)

Chart

Data File Attributes and Structures

Common data files acceptable:

Delimited –fields separated by delimiter such as (^) (,) (|) (‘) (~)Fixed –every field is a predetermined lengthOthers –including items such as Access, Excel & Dbase files.

Multi-line flat files:

These files are reports from the systems that have usually additional information you do not need like sub-totals.

Need to be brought in as Print doc’s.Define detail line and header/footer lines (if any)Identify an item to ‘Trap on’ in each lineDefine the fields in the header & footer (if any)Define the fields in the detail lines of the report

Chart

Examples of Data File Attributes and Structures

Flat File

1289923 Pedro Perez 10/30/20002318834 Luis Alfonso 8/1/19993430903 Federico Lopez 5/3/2001

Delimited File1289923, Pedro, Perez, 10/30/2000 2318834, Luis, Alfonso, 8/1/1999 3430903, Federico, Lopez, 5/3/2001

Multiple-Record Type File1 Pedro Perez 1223 Grey Street New York2 Red Paint $23.99 4/21/20022 3" Brushes $3.92 5/12/20022 Turpentine 1 $4.30 8/18/20021 Luis Lopez 40 Maple Street Miami2 Sandpaper 10 $0.97 12/2/2002

Sub-Total $33.18

Chart

Run Test CAATs and Verify the Data

Import/Access the data:Ensure that the software that will be used to analyzed the data can read the data file correctly.

Verify the transfer process and perform an initial assessment of the integrity of the data:Check that the data transfer was successful and that all the information was correctly received and interpreted by the software to be used to analyze the information.

• Ensure that all requested fields are presented in the data• Check totals against control totals ( number of records, key numeric fields)• Verify the time period covered by the data to ensure that proper file has been sent• Verify with the data owner that this data can be used to address the stated objective• Ensure the analysis software is properly interpreting fields – numeric fields contain numeric data and date fields have valid dates• Select a few records and compare what you have to the application system (on-line query)

Chart

Run CAATs

Understand the data

Use various high-level commands, such as summarize and sort, to get a better understanding of the data. Total numeric fields, determine rages of values for key numeric fields and date fields, and determine all possible values for key character fields (summary).

Perform required analysis

Perform the required analysis, as outlined in the analysis planning, to address the audit or investigation objectives.

Verify Results

Review the results obtained and compare expected results. Where possible ensure that results are verified against independent sources and obtain original documents.

Chart

CAATs Documentation

Workpapers

The step-by-step CAATs process should be sufficiently documented to provide adequate audit evidence.

Specifically, the audit workpapers should contain sufficient documentation to describe the CAATs application, including the details set out in the following sections.

Documentation should include:CAATs objectivesCAATs to be usedControls to be exercisedStaffing and timingCAATs preparation and testing procedures and controlsDetails of the tests performed by the CAATsDetails of inputs (e.g., data used, file layouts), processing (e.g., CAATs

high-level flowcharts, logic) and outputs (e.g., log files, reports)Listing of relevant parameters or source code

Chart

CAATs Reporting

Description of CAATsThe objectives, scope and methodology section of the report should

contain a clear description of the CAATs used. This description should not be overly detailed, but it should provide a good overview for the reader.

The description of the CAATs used should also be included in the body of the report, where the specific finding relating to the use of the CAATs is discussed.

If the description of the CAATs used is applicable to several findings, or is too detailed, it should be discussed briefly in the objectives, scope and methodology section of the report and the reader referred to an appendix with a more detailed description.

Factors Affecting the Reliability of Analysis/Results

Data

Accuracy – Data Contains errors (e.g., GL Acct, Unit price)

Completeness – Missing records, required fields no included or blank.

Timing – Data from another period included; not all data from current period included.

Definition – Data has not been properly defined, transferred, downloaded and read (e.g., date fields are improperly defined).

Auditor Analysis

Incorrect – Analysis not done properly (e.g., miscalculating dates; not removing duplicates).

Invalid – Analysis does not support audit objective (e.g., Using wrong dates to calculate delivery time or interest payments)

Incomplete – Only a partial analysis was performed

Test of Controls

Sarbanes Oxley opportunitiesEstablish as class leading control requirementsQuantify impact of control weaknessesMonitoring Controls – identify transactions/balances that are

unusual or unexpected for investigation. Use to identify possible control weaknesses, plus provide assurance that certain transactions/events did not occur

Review of Manual Journal EntriesRelated Party TransactionsEmbedded Audit ModulesQuarterly/Periodic Testing for Risk Areas/Key Controls

SAS 99

“SAS No. 99 (Consideration of Fraud in a Financial Statement Audit), part of the series of Statements on Auditing Standards (SAS), was issued in October 2002 by the AICPA Auditing Standards Board.SAS 99 was issued partly in response to recent accounting scandals at Enron, WorldCom, Adelphia, and Tyco.”

Under SAS 99, we are required on all audits to address the risk of management override of controls relating to the processing of journal entries and other adjustments.

SAS 99

Pre-Requisite Tests

CompletenessData files must be tested for completeness. To test for completeness, auditors or management will take the Prior Year Trial Balance plus the Current Year Journal Entries to see if they equal the Current Fiscal Year Trial Balance. This test will ensure auditors or management have obtained a complete general ledger download for the specified accounting period.

Math AccuracyAn analysis of each transaction as well as the account totals to determine the instances where debits do not equal credits. A complete and accurate data file will result in total debits equalling total credits.

Data IntegrityAn analysis to determine the integrity of the data and to verify the fields in the data files. This ensures a complete understanding of the journal entry record layout.

Additional Tests to Perform

Test Name Description

Large Items Testing to identify the manual and/or system journal entries with the largest value.

Large Items (P&L) Analysis of the journal entries to find top P&L entries over a certain scope. Top 30 entries will be reported unless otherwise specified.

Benford’s Law Analysis

The Benford’s Law is a technique that counts the number of times a leading digit(s) occurs within a given data set and indicates whether there are any unusually high or low occurrences of particular digits. The actual rate of occurrence of each digit (1 through 9) in the data set is then compared to average occurrence rates as determined by Benford’s Law.

Unusual TimingTesting to determine entries made at unusual time of the day, such as after hours or on weekends, or prior to or immediately following key period-end accounting dates.

Unusual Journal Entries

Identification of any unusual General Ledger Account combinations. For example, transfers from operating expenses to depreciation; transfers from leased sales to outright sales; transfers from deferred income to current year P&L.

Backdated Entries Identification of entries that have a post date prior to the journal entry date.

Unusual User Testing to identify journal entries made by unusual users, or which indicated blank or nonsensical user names.

Unauthorized User Testing to identify inappropriate users, i.e. users not allowed to approve journal entries.

Inappropriate User Testing to identify journal entries made by inappropriate users (i.e. users who enter and approve journal entries; IT staff; or Senior Management).

Additional Tests to Perform

Test Name Description

Intercompany Identification of unusual intercompany transactions.

Suspicious Dollar Items (000’s)

Identification of journal entries that have a whole dollar amount over a specified scope, i.e. if the scope is set at $100,000, testing will be performed to identify any journal entry amounts that have a whole dollar amount such as $120,000.

Under ThresholdIdentification of journal entries just under a threshold (i.e. if any postings over $1,000.00 require an approval process, testing would be done to identify any journal entry amounts of $999.99 or $999.00).

Suspense Journal Entries

Analysis of all suspense accounts to identify large journal entries the hit the accounts.

Seldom Used Accounts

Identification of infrequently used general ledger accounts. Benchmark set at accounts with less than 5 journal entries during the fiscal year.

Duplicates Testing Identification of potentially duplicate journal entries, excluding those automated systemic entries of the same amount that are regularly posted.

Reversal TestingTesting of journal entries to identify those that are subsequently reversed during the period under review, i.e. identification of exact amounts AND account numbers on both sides of the journal entries.

Disaggregate analytics

Accounts over time analysis/Volume analysis: Analysis to determine the breakdown of quarterly revenue by month, week, or day.

JE# gap analysis Identification of missing or duplicate journal entry numbers.

Sequential Batch # Identification of missing or duplicate batch postings.

Post-Close Entries Identification of journal entries made post accounting adjustment period.

Completeness TestXYZ, Inc.Q4 SAS99 TestingCompleteness Test - ALLFY2004

The test summarizes all the current year activity by account, and combines this activity with the prior period Trial Balance to re-compute the ending balance for each account.This balance is then compared to the balance listed on the Trial Balance.

Acc_Num Account_Description TB_BegBal JE_DebitAmt JE_CreditAmt Auditor_Ending_Balanc Client_Ending_Balance Variance1010 Petty Cash 652.69$ -$ 436.49$ 216.20$ 216.20$ -$ 1010 Petty Cash -$ 2,612.55$ 2,487.37$ 125.18$ 125.18$ -$ 1015 Petty Cash 300.22$ 4,805.57$ 5,105.79$ -$ -$ -$ 1030 Cash - Local Checking 11,991.11$ 8,482.00$ 10.00$ 20,463.11$ 20,463.11$ -$ 1032 Cash - Foreign Checking 15,914.08$ 28,469.06$ 17,755.87$ 26,627.27$ 26,627.27$ -$ 1040 Cash - Payroll (39,305.97)$ 121,177,042.22$ 121,301,933.91$ (164,197.66)$ (164,197.66)$ -$ 1255 Inventory Returned-Vendor for C 694,964.28$ 3,906,193.76$ 2,834,619.20$ 1,766,538.84$ 1,766,538.84$ -$ 1265 Inventory Adjustment Reserve (3,294,017.30)$ 3,484,048.44$ 590,028.85$ (399,997.71)$ (399,997.71)$ -$ 6500 Material Supplies -$ 6,306,681.00$ 1,590,810.02$ 4,715,870.98$ 4,715,870.98$ -$ 6500 Material Supplies -$ 447,418.80$ 184,433.07$ 262,985.73$ 262,985.73$ -$ 6502 Outside Projects -$ 73,628.01$ 4,979.50$ 68,648.51$ 68,648.51$ -$ 6720 Recruitment -$ 30,020.80$ 27,020.80$ 3,000.00$ 3,000.00$ -$ 9100 Current Tax Provision-Fed -$ 214,943.51$ -$ 214,943.51$ 214,943.51$ -$ 9120 Foreign Tax Withholdings -$ 298,418.28$ -$ 298,418.28$ 298,418.28$ -$ 9210 Deferred Tax Prov-State -$ -$ 1,078.64$ (1,078.64)$ (1,078.64)$ -$ 9300 Income/Loss From Discontinued O -$ 228.57$ 228.57$ -$ -$ -$ Z102 COS Expenses -$ 204,040,531.67$ 193,339,520.62$ 10,701,011.05$ 10,701,011.05$ -$ Z199 Offset for Expense Allocation -$ 365,255,432.49$ 378,834,239.37$ (13,578,806.88)$ (13,578,806.88)$ -$

Totals 0.00$ 15,736,749,027.74$ 15,736,749,027.74$ (0.00)$ (0.00)$ -$

XYZ, Inc.Q4 SAS99 TestingUnusual Timing Entries - Summary07/2004 - 12/2004

Note: This test identifies manual entries entered at unsual times of the day (12am to 5am) for companies 10, 40, and 50

JE_DocNoJE_BatchNo JE_Period JE_PostDate JE_EntryDJE_EntryTime JE_SOURCE JE_DebitAmt JE_CreditAmt JE_Amount50018 122421.000000 SEP-04 10/1/2004 10/08/20045:13:47 AM Spreadsheet -$ 331.35$ (331.35)$ 50019 122422.000000 SEP-04 10/1/2004 10/08/20045:29:44 AM Manual -$ 14,500.00$ (14,500.00)$ 50174 122544.000000 SEP-04 10/1/2004 10/09/20045:53:32 AM Manual -$ 15,000.00$ (15,000.00)$ 53116 128992.000000 DEC-04 12/31/2004 01/07/200512:59:00 AM Manual -$ 126.09$ (126.09)$

Unusual Timing Summary

XYZ, Inc.Q4 SAS99 TestingUnusual Dates07/2004 - 12/2004

Note: This test identifies manual entries entered on the weekends (Where 1 = Sunday, 7 = Saturday) or on holidays for companies 10, 40, and 50

JE_DocNoJE_BatchNo JE_PeriodJE_PostDate JE_EntryDate EntryDow Holiday JE_SOURCE JE_DebitAmt JE_CreditAmt JE_Amount JE_UserID47155 116094 JUL-04 7/10/2004 07/10/2004 7 N/A Manual -$ (276,168.00)$ 276,168.00$ 2760 47169 116100 JUL-04 7/10/2004 07/10/2004 7 N/A Manual (67,250.00)$ -$ (67,250.00)$ 2760 47178 116109 JUL-04 7/10/2004 07/10/2004 7 N/A Manual -$ (20,000.00)$ 20,000.00$ 2760 47938 117892 JUL-04 7/30/2004 08/07/2004 7 N/A Manual -$ 90.22$ (90.22)$ 1052 49012 120264 AUG-04 8/27/2004 09/12/2004 1 N/A Manual -$ 26,150.00$ (26,150.00)$ 1052 49013 120265 AUG-04 8/27/2004 09/12/2004 1 N/A Manual -$ 21,489.42$ (21,489.42)$ 1052 49014 120266 AUG-04 8/27/2004 09/12/2004 1 N/A Manual -$ 1,500.00$ (1,500.00)$ 1052 50403 122913 OCT-04 10/15/2004 10/17/2004 1 N/A Spreadsheet -$ 220,293.69$ (220,293.69)$ 4682 50405 122914 OCT-04 10/15/2004 10/17/2004 1 N/A Spreadsheet -$ 2,866.31$ (2,866.31)$ 4682 50409 122916 OCT-04 10/14/2004 10/17/2004 1 N/A Spreadsheet -$ 50,642.84$ (50,642.84)$ 4682 52703 128606 DEC-04 12/31/2004 01/02/2005 1 N/A Spreadsheet 3,265.00$ -$ 3,265.00$ 4682 53383 129247 DEC-04 12/28/2004 01/09/2005 1 N/A Spreadsheet -$ 136.25$ (136.25)$ 4682 53385 129248 DEC-04 12/28/2004 01/09/2005 1 N/A Spreadsheet -$ 57,784.90$ (57,784.90)$ 4682 54402 130582 DEC-04 12/29/2004 01/30/2005 1 N/A Spreadsheet 221,917.65$ -$ 221,917.65$ 4682

Unusual Dates Summary

Automated testing of system access logsComparison of users to employee recordsSearch for employees with access to production systemsSearch for terminated employees with system accessValidate Segregation of Duties based on job responsibilitiesSearch for dormant users through the systemsValidate access approved vs. access grantedCompare current access lists with previous periods to detect changes

IT General Controls

Example Dormant users

As of: 01/26/2006 16:43:03

Command: AGE ON TrueLastLogonTime CUTOFF 20060126 INTERVAL 0,30,60,90,120 TO SCREEN

Table: AD

Days Count Percent of Count0 - 29 2,870 51.79%

30 - 59 181 3.27%

60 - 89 105 1.89%

90 - 120 119 2.15%

>120 2,267 40.91%

Totals 5,542 100%

Substantive Testing

Check for payments to fictitious employees (match payroll file to HR Master file)Check for payments to terminated employees (match payroll file to HR Master file)Check Payroll Stats (Does rate per hour per payroll file agree to HR Master?, etc)Statistics on employee time worked (based on payroll file)Overtime Analysis (compare departments and look for anomalies; look for anomalies among individuals)

Payroll

Testing Examples: Ghost Employees Testing

Non issued SSNs:

AH_BUSINES WORK_LOCAT NAME SSN STATUSRetail Operations 09226 Miami Jones, David 333-24-5555 A Retail Operations 09453 Clearwater Tap, John 542-44-9999 A Retail Operations 30507 Irvington Brown, Paul 323-33-2345 A Retail Operations 32544 Massapequa Hamilton, Gavin 324-54-3456 A

http://www.ssa.gov/employer/highgroup.txt

Social Security Death Master File

http://www.ntis.gov/products/ssa-dmf.asp?loc=4-0-0

DMF) from the Social Security Administration (SSA) contains over 65 million records

Check for duplicate disbursementsSearch for unrecorded liabilitiesCheck for employees in the Vendor Master FileCheck for A/P disbursements made to employees Vendor Master File “cleanup” Aging of A/P itemsCheck for “off-ledger” disbursements Invoices without related Purchase OrdersIdentify largest vendorsIdentify Vendors with debit balancesDisbursements by vendor Statistics on Open Purchase Orders – amount, age, etc.Check No Sequence TestBenford’s Law Analysis

A/P

Duplicate disbursements

A/R

Top customersTop invoicesCustomer with negative balancesDetailed AgingTest of client’s AgingTest for large, old customer balancesA/R amounts by type (invoice, credit memo, unapplied cash) Liquidation of A/R (Subsequence collations)Test for Duplicate Customer Numbers

Accounts Receivable Example

InventoryDistribution of items per warehouseAge of itemsTop number itemsTop Value itemsCost ComparisonsInventory with Negative UsageInventory with Zero Usage Items with Negative Extended CostsItems with Negative Unit CostsObsolescence Testing Standard cost validationProduction variance and cost build upPurchase price varianceProducing reports of products where costs exceed market value

Inventory Example: Negative or zero unit costs or quantities

Page ... 1 01/25/2005 10:16:52Produced with ACL by: xxxx

ABC COMPANY 12/31/2004

Negative Quantities or Unit Costs

STAGE WHSE PART UNIT ONHAND EXTENDEDNUMBER COST QUANTITY PRICE

FG 01 50015001 0.412361 -3,910.000 -1,612.33FG 01 50415002 0.447187 -1,951.000 -872.46WP SF 06835 0.904241 -42.000 -37.97FG 01 51015010 0.280243 -4,228.000 -1,184.86FG 01 51015012 0.283411 -4,218.000 -1,195.42WP KB 51215001 0.258196 -1,638.000 -422.92WP SP 51418007 0.024252 -216.000 -5.23FG 01 52215015 0.242124 -4,929.000 -1,193.42FG 01 06643 2.860398 -11.000 -31.46FG 01 06644 2.803664 -400.000 -1,121.46FG 01 06685 2.676433 -280.000 -749.40WP KB 52102007 0.907691 -7,035.000 -6,385.60WP KB 52115017 0.244740 -6,396.000 -1,565.35WP OO 52118003 0.048260 -108.000 -5.21WP KB 52131007 0.120318 -5,466.000 -657.65WP KB 52140006 0.101432 -6,496.000 -658.90FG 01 06777 -1.847080 2,600.000 -4,802.40WP SF 07003 1.726580 -15,800.000 -27,279.96FG 01 07003 1.726580 -5,000.000 -8,632.90

-58,415.13

Inventory Example: Purchase Price testing

Page ... 1 01/25/2005 10:16:52Produced with ACL by: xxxx

ABC COMPANY 12/31/2004

PURCHASE PRICE TESTING (PARTS WITH MORE THAN $500 EXTENDED DIFFERENCE)

STAGE WHSE PART ONHAND INV PURCHASE EXTENDEDNUMBER QUANTITY COST PRICE DIFFERENCE

RM KB 57117102 36,476 0.143028 0.940000 29,070.35RM 01 50502123 11,581 0.166011 0.960000 9,195.19RM SF 50102106 3,539 1.355803 1.990000 2,244.42RM KB 50512103 22,148 0.088434 0.124000 787.72RM 01 50202101 1,200 0.488318 0.960000 566.02RM 01 50515103 7,867 0.241510 0.140000 -798.58RM 01 50202102 2,500 0.971971 0.460000 -1,279.93

39,785.19

Many different methods can be used to determine the purchase price for this testing.

Inventory Example: Obsolesce testing

Page ... 1 01/25/2005 10:16:50Produced with ACL by: xxxx

ABC COMPANY 12/31/2004

QUANTITY GREATER THAN CURRENT YEAR'S USAGE/SALES, BUT USAGE/SALES NOT ZERO Extended Excess > $5000

STAGE WHSE PART QUANTITY 2004 CURRENT TOTALNUMBER SALES/USAGE COST EXCESS USAGE

OVER 1 YEARRM KB 87295018 16,381 3,331 3.354372 43,774.55RM KB RM99979 66 1 119.558880 7,771.33

51,545.88QUANTITY NOT EQUAL TO ZERO, USAGE EQUAL TO ZERO

Extended Excess > $5000 STAGE WHSE PART QUANTITY 2004 CURRENT TOTAL

NUMBER SALES/USAGE COST EXCESS USAGEOVER 1 YEAR

RM OO 58010001 24,000 0 1.357200 32,572.80RM RE FG60100 2,265 0 12.308760 27,879.34WP RJ 51490006 1,595 0 14.633727 23,340.79WP KB 51402001 42,821 0 0.521036 22,311.28RM KB 87295019 6,000 0 3.468168 20,809.01WP SP 52118004 160,042 0 0.088336 14,137.47WP KB 53515009 32,571 0 0.258460 8,418.30WP KB 51431002 85,559 0 0.091905 7,863.30WP KB 51415002 31,063 0 0.248531 7,720.12WP RJ 51418014 82,852 0 0.060367 5,001.53

170,053.94

Many different methods can be used to determine usage and sales.

Testing Examples: Corporate Card Misuse

String Searches

Testing Examples: Parallel Simulation

Parallel simulation can be used to verify an application system’s internal programming logic by simulating the processing it performs.

Example – A programmer has altered the benefits calculation to overpay friends. It is possible to verify entitlements by obtaining the input data, and performing the necessary calculations to determine the correct benefit amounts. Follow-up is required where the auditor’s results differ from those of payroll application.

Example Statistics on Principal

As of: 09/25/2004 17:54:34

Command: STATISTICS ON INV_PRIN TO SCREEN NUMBER 5Table: TB7_0804_Detail

Number Total Average

Range - 3,670,605.87 -

Positive 30,329 2,769,993,715.18 91,331.52

Negative 43 -2,696,658.64 -62,712.99

Zeros 367 - -

Totals 30,739 2,767,297,056.54 90,025.60

Abs Value - 2,772,690,373.82 -

Highest Lowest3,163,185.87 -507,420.003,000,000.00 -459,287.582,200,000.00 -242,951.001,854,900.00 -132,300.001,747,148.15 -118,758.80

Example Stratification on Interest RatesAs of: 09/25/2004 17:57:47

Command: STRATIFY ON INV_RATE INTERVALS 5 TO SCREENTable: TB_0804_Detail

Minimum encountered was 1.88500Maximum encountered was 60.0000

INTEREST_RATE Count Percent of Count1.000 - 20.799 30,362 98.77%

20.800 - 40.599 0 0%

40.600 - 60.399 377 1.23%

60.400 - 80.199 0 0%

80.200 - 100.000 0 0%

Totals 30,739 100%

Example Stratification on Interest Rates

Data Analysis Benefits

Often referred to as CAATs (Computer Assisted Audit Techniques). Data Analysis offers the following benefits:

• Draw supportable conclusions • Verify that a system or process is functioning properly• Automate manual substantive testing• Regulatory compliance, fraud or litigation analysis• Increase audit coverage and assurance (100%)• Works well when coordinated with controls audit• Saves time (sometimes even in the first year)

The data tells the story! Enables you to quantify the financial impact of business decisions, accounting practices, and internalcontrolsUsers react to problems/opportunities that are quantified

References:

www.pwc.com

www.isaca.org

http://www.auditnet.org/caatt.htm

Any Questions?Email: juanrego@yahoo.es