Computers have invaded every sphere of life to such an extent that it is said even criminals need IT skills. Undeniably, in a world of exponentially increasing information, people lack the speed and accuracy of a computer's complex data processing capabilities. Regardless of their speed and capabilities, there are many activities computers cannot do. Computers cannot make any decisions other than what they are programmed to do. In addition, computers cannot deceive, lie, or fabricate data, and they cannot spot or recognize deceit. The inability of computers to spot deceit is a major limitation during fraud investigations, because to identify a fraudster, it is necessary to think like one. Hence, computers and people are indispensable.
The need of the day is a combined computer-human effect or comp-human effect. This comp-human effect is even more pronounced for internal auditors who, in their quest to find the truth, must gather evidence to support their conclusions. For instance, thanks to digital tools such as computer-assisted audit techniques (CAATs), auditors can go through increasingly high volumes of data a lot faster. However, the real value of the audit report lies in the judgment and experience of the internal auditor who must give meaning to the data.
Computer Assisted Audit Techniques (CAATs) are defined as computer-based tools and techniques which help auditors in increasing their productivity as well as that of the audit function. A CAAT is a significant tool for auditors to gather evidences independently. CAATs provide a mean to gain access and to analyse data for a pre-determined audit objective and to report the audit findings with evidences. It helps the auditor to obtain evidence directly on the quality of the records produced and maintained in the system. The quality of the evidences collected gives reassurance on the quality of the system processing such transactional evidences.
Why CAATs are required?
In a diverse digital world of clients’ enterprises, the greatest challenges for an Auditor is to use technology to access, analyse and audit this maze of electronic data. CAATs enable auditors to move from the era of ticks using pencil or pen to the era of clicks by using a mouse. CAATs will help auditors to change focus from time-consuming manual audit procedures to intelligent analysis of data so as to provide better assurance to clients and also mange audit risks. Some of the key reasons for using CAATs are:
1. Absence of input documents or lack of a visible paper trail may require the use of CAATs in the application of compliance and substantive procedures.
2. Need for obtaining sufficient, relevant and useful evidence from the IT applications or database as per audit objectives.
3. Ensuring audit findings and conclusions are supported by appropriate analysis and interpretation of the evidence.
4. Need to access information from systems having different hardware and software environments, different data structure, record formats, processing functions in a commonly usable format.
5. Need to increased audit quality and comply with auditing standards.
6. Need to identify materiality, risk and significance in an IT environment.
7. Improving the efficiency and effectiveness of the audit process.
8. Ensuring better audit planning and management of audit resources.
Key Capabilities of CAATs
CAATs refer to using computer for auditing data as per audit objectives. This requires understanding of the IT environment and most critically the core applications and the relevant database and database structure. CAATs can be used by using the relevant functionalities available in general audit software, spreadsheet software or the business application software. However, broadly the key capabilities of CAATs can be categorised as follows:
1. File access: This refers to the capability of reading of different record formats and file structures. These include common formats of data such as database, text formats, excel files. This is generally done using the import/ODBC function.
2. File reorganisation: This refers to the features of indexing, sorting, merging, linking with other identified files. These functions provide auditor with an instant view of the data from different perspectives.
3. Data selection: This involves using of global filter conditions to select required data based on specified criteria.
4. Statistical functions: This refers to the features of sampling, stratification and frequency analysis. These functions enable intelligent analysis of data
5. Arithmetical functions: This refers to the functions involving use of arithmetic operators. These functions enable performing re-computations and re-performance of results.
Steps involved in Using CAATs
CAATs are very critical tools for Auditors. Hence, it is important to formulate appropriate strategies to ensure their effective use. Some of the key strategies for using CAATs are:
1. Identify the scope and objectives of the audit. Based on this, auditor can decide about the need and the extent to which CAAT could be used.
2. Identify the critical data which is being audited as per audit scope and objectives.
3. Identify the sources of data from the enterprise information system/application software. These could be relating to general ledger, inventory, payroll, sundry debtors and sundry creditors.
4. Identify the relevant personnel, responsible for the data and information system. These personnel could be from the IT department, vendors, managers, etc.
5. Obtain and review documents relating to data/ information systems. This should provide information about data types/data structures and data flow of the system.
6. Understand the software by having a walk-through right from user creation, grant of user access, configuration settings, data entry, query and reporting features.
7. Decide what techniques of CAATs could be used as relevant to the environment by using relevant CAAT software as required.
8. Prepare a detailed plan for analysing the data. This includes all the above steps.
9. Perform relevant tests on audit data as required and prepare audit findings which will be used for forming audit report/opinion as required. Tests Performed Using CAATs
CAATs can be used for compliance or substantive tests. As per the audit plan, compliance tests are performed first as per risk assessment and based on the results of the compliance tests; detailed compliance tests could be performed. Some examples of tests which can be performed using CAATs are given below:
1. Identify exceptions: Identify exceptional transactions based on set criteria. For example, cash transactions above ` 50,000.
2. Analysis of controls: Identify whether controls as set have been working as prescribed. For example, transactions are entered as per authorised limits for specified users.
3. Identify errors: Identify data, which is inconsistent or erroneous. For e.g.: account number which is not numeric.
4. Statistical sampling: Perform various types of statistical analysis to identify samples as required.
5. Detect frauds: Identify potential areas of fraud. For example, transactions entered on week-days or purchases from vendors who are not approved.
6. Verify calculations: Re-perform various computations in audit software to confirm the results from application software confirm with the audit software. For e.g. TDS rate applied as per criteria.
7. Existence of records: Identify fields, which have null values. For example, invoices which do not have vendor name.
8. Data completeness: Identify whether all fields have valid data. For example, null values in any key field such as date, invoice number or value or name.
9. Data consistency: Identify data, which are not consistent with the regular format. For example, invoices which are not in the required sequence.
10. Duplicate payments: Establish relationship between two or more tables as required. For example, duplicate payment for same invoice.
11. Inventory obsolescence: Sort inventory based on data of purchase or categorise as per specified aging criteria or period and identify inventory which has become obsolete.
12. Accounts exceeding authorised limit: Identify data beyond specified limit. For example, transactions entered by user beyond their authorised limit or payment to vendor beyond amount due or overdraft allowed beyond limit.
What else can be done using CAATs?
The auditor uses CAATs throughout the audit for the following additional activities while performing data analysis:
1. Creation of electronic work papers: Keeping electronic work papers on a centralized audit file or database will allow the auditor to navigate through current and archived working papers with ease. The database will make it easier for auditors to coordinate current audits and ensure they consider findings from prior or related projects. Additionally, the auditor will be able to electronically standardize audit forms and formats, which can improve both the quality and consistency of the audit working papers.
2. Fraud detection: CAATs provides auditors with tools that can identify unexpected or unexplained patterns in data that may indicate fraud. Whether the CAATs is simple or complex, data analysis provides many benefits in the prevention and detection of fraud.
3. Analytical tests: Evaluations of financial information made by studying plausible relationships among both financial and non-financial data to assess whether account balances appear reasonable. Examples include ratio, trend, and Benford's Law tests.
4. Data analysis reports: Reports produced using specific audit commands such as filtering records and joining data files.
5. Continuous monitoring: Continuous monitoring is an ongoing process for acquiring, analyzing, and reporting on business data to identify and respond to operational business risks. For auditors to ensure a comprehensive approach to acquire, analyze, and report on business data, they must make certain the organization continuously monitors user activity on all computer systems, business transactions and processes, and application controls.
6. Curb stoning in surveys: Curb stoning is the term for instances where a surveyor completes a survey form by making up data. Because some of the data should conform to Benford's law, this practice can be detected using CAATs which provide the capability of performing such tests.
Conclusion:
CAATs empower CAs with the key survival techniques which can be effectively used in any IT environment. CAATs are not specialist tools designed for use by specialist IT auditors but these are common techniques which can be easily mastered to audit in a computerised environment for statutory audit, tax audit and internal audit as also for providing consulting services. There is a need for highly technologically qualified Chartered Accountants to power the next generation of growth and development in Indian Accountancy profession and CAATs help Chartered Accountants in achieving this motive.
|