Case Studies.

Preface.

Acknowledgments.

Chapter 1. CAATTs History.

The New Audit Environment.

The Age of Information Technology.

Decentralization of Technology.

Absence of the Paper Trail.

Do More with Less.

Definition of CAATTs.

Evolution of CAATTs.

Audit Software Developments.

Historical CAATTs.

Test Decks.

Integrated Test Facility (ITF).

System Control Audit Review File (SCARF).

Sample Audit Review File (SARF).

Sampling.

Parallel Simulation.

Reasonableness Tests and Exception Reporting.

Traditional Approaches to Computer–Based Auditing.

Systems–Based Approach.

Data–Based Approach.

Audit Management and Administrative Support.

Roadblocks to CAATT Implementation.

Summary and Conclusions.

Chapter 2. Audit Technology.

Audit Technology Continuum.

Introductory Use of Technology.

Moderate Use of Technology.

Integral Use of Technology.

Advanced Use of Technology.

Getting There.

General Software Useful for Auditors.

Word Processing.

Text Search and Retrieval.

Reference Libraries.

Spreadsheets.

Presentation Software.

Flowcharting.

Antivirus and Firewall Software.

Software Licensing Checkers.

Specialized Audit Software Applications.

Data Access, Analysis, Testing, and Reporting.

Standardized Extractions and Reports.

Information Downloaded from Mainframe Applications and/or Client Systems.

Electronic Questionnaires and Audit Programs.

Control Self–Assessment.

Parallel Simulation.

Electronic Working Papers.

Data Warehouse.

Data Mining.

Software for Audit Management and Administration.

Audit Universe.

Audit Department Management Software.

E–mail.

File Transfer Protocol (FTP).

Intranet.

Databases.

Groupware.

Electronic Document Management.

Electronic Audit Reports and Methodologies.

Audit Scheduling, Time Reporting, and Billing.

Project Management.

Extensible Business Reporting Language (XBRL).

Expert Systems.

Audit Early–Warning Systems.

Continuous Auditing.

Continuous Auditing versus Continuous Monitoring.

Example of Continuous Auditing: Application to an Accounts Payable Department.

Stages of Continuous Auditing.

Continuous Auditing Template.

Sarbanes–Oxley.

Important SOX Sections.

The Role and Responsibility of Internal Audit.

Risk Factors.

Detecting Fraud.

Determining the Exposure to Fraud.

SOX Software.

Assessment of IT Controls and Risks.

Defining the Scope.

GAIT Principles.

Governance, Risk Management, and Compliance (GRC).

Internal Audit′s Role in the GRC Process.

Identifying and Assessing Managementâ??s Risk Management Process.

Assessment of Internal Control Processes.

GRC Software.

Summary and Conclusions.

Chapter 3. CAATTs Benefits and Opportunities.

The Inevitability of Using CAATTs.

The New IM Environment.

The New Audit Paradigm.

Expected Benefits.

Planning Phaseâ??Benefits.

Conduct Phaseâ??Benefits.

Data Analysis.

Increased Coverage.

Better Use of Auditor Resources.

Improved Results.

Reporting Phaseâ??Benefits.

Administration of the Audit Functionâ??Benefits.

Reduced Costs.

Increased Performance.

Increased Time for Critical Thinking.

Recognizing Opportunities.

Transfer of Audit Technology.

Summary and Conclusions.

Chapter 4. CAATTs for Broader–Scoped Audits.

Integrated Use of CAATTs.

Value–for–Money Auditing.

Value–Added Auditing of Inventory Systems.

Data Analysis in Support of Value–Added Inventory Auditing.

Inventory Management Practices and Approaches.

Possible Areas for Audit–Suggested Improvements.

Audit and Reengineering.

Audit and Benchmarking.

Summary and Conclusions.

Chapter 5. Data Access and Testing.

Data Access Conditions.

Mainframe versus Minicomputer versus Microcomputer.

Portability of Programs and Data.

Limitations to Using the Microcomputer.

Processing Speeds.

Single Tasking.

Inability to Deal with Complex Data and File Structures.

Client Facilities.

Auditor′s Microcomputer–Based Facilities.

Data Extraction and Analysis Issues.

Accessing the Data.

Data Storage Requirements.

Analysis of Data.

Risks of Relying on Dataâ??Reliability Risk.

Reliance on the Data.

Knowledge of the System.

Assessment of the Internal Controls.

New Topology of Data Tests.

Reducing Auditor–Induced Data Corruption.

Potential Problems with the Use of CAATTs.

Incorrect Identification of Audit Population.

Improper Description of Data Requirements.

Invalid Analyses.

Failure to Recognize CAATT Opportunities.

Summary and Conclusions.

Chapter 6. Developing CAATT Capabilities.

Professional Proficiency: Knowledge, Skills, and Disciplines.

Computer Literacy: Minimal Auditor Skills.

Ability to Use CAATTs.

Understanding of the Data.

Analytical Support and Advice.

Communication of Results.

Steps in Developing CAATT Capabilities.

Understand the Organizational Environment/Assess the Organizational Culture.

Obtain Management Commitment.

Establish Deliverables.

Set Up a Trial.

Plan for Success.

Track Costs and Benefits.

Lessons Learned.

Organize Working Groups.

Computer Literacy Working Group.

CAATT Working Groups.

Information Systems Support to Audit.

Assure Quality.

Quality Assurance Methodology.

Preventive Controls for CAATTs.

Detective Controls for CAATTs.

Corrective Controls for CAATTs.

Quality Assurance Reviews and Reports.

Summary and Conclusions.

Chapter 7. Challenges for Audit.

Survival of Audit.

Audit as a Learning Organization.

Knowledge Acquisition.

Information Dissemination.

Information Interpretation.

Organizational Memory.

New Paradigm for Audit.

Computer–Assisted Audit Techniques.

Computer–Aided Audit Thought Support.

Auditor Empowerment.

Access to Microcomputers and Computer Networks.

Access to Audit Softwareâ??Meta–Languages.

Universal Access to Data.

Access to Education, Training, and Research.

Skills Inventory.

Needed versus Actual Skills.

Required versus Actual Performance.

Auditor Skills for Using CAATTs.

IS Auditor Skills.

Training Programs and Requirements.

Conceptual Training.

Technical Training.

Training Options.

In–house.

Professional Associations.

Educational Institutions.

Computer–Based, Video–Based, and Web–Based Training.

Summary and Conclusions.

Appendices.

Appendix A. The Internetâ??An Audit Tool.

The Internet.

Connecting to the Internet.

General Internet Uses.

Useful Sites for Auditors.

Examples of Audit–Related Internet Usage.

Appendix B. Information Support Analysis and Monitoring (ISAM) Section.

Appendix C. Information Management Concepts.

Appendix D. Audit Software Evaluation Criteria.

General Capabilities.

Reporting Capabilities.

Graphics Capabilities.

Mathematical Functions.

File Manipulation Capabilities.

Record Definition Capabilities.

File Type Capabilities.

Programming Capabilities.

Support.

Other Capabilities.

References.

Index.

David Coderre has over twenty years of experience in internal audit, management consulting, policy development, management information systems, system development, and application implementation areas. He is currently President of CAATS (Computer–Assisted Analysis Techniques and Solutions). He is the author of three highly regarded books on using data analysis for audit and fraud detection.

Praise for Internal Audit: Efficiency through Automation

"Internal audit′s role within the organization is more visible than ever before, largely due to the intense regulatory and compliance pressures of the last few years. This book provides an excellent overview of technology′s historical role in supporting audits, and practical examples of the value audit technology provides today. It should be mandatory reading for every audit leader tasked with maximizing the effectiveness of his or her audit team to support high– performing organizations."
Harald Will, President and CEO, ACL Services Ltd.

"A wonderful desktop reference for anyone trying to move from traditional auditing to integrated auditing. The numerous case studies make it easy to understand?and provide?a how–to?for those?seeking to?implement automated tools including continuous assurance. Whether you are just starting down the path or well on your way, it is a valuable resource."
Kate M. Head, CPA, CFE, CISA, Associate Director, Audit and Compliance, University of South Florida

"In the many years that it has been my pleasure to know and work with David Coderre, I have always been extremely impressed with his grasp of auditing, risk assessment, and data analytics, but more importantly how to do it all better and faster. If you want a high–quality audit outcome and effective resource utilization, learn from the best it doesn′t get any better!"
Greg Duckert, CIA, CISA, CPA, CMA,?CEO and founder, Virtual Governance Institute

"′Do more with less.′ A familiar phrase, but David Coderre actually shows you how to use technology to enhance your audit product. A must–read for any size audit shop."
Ian Craigen, Supervising Senior: IS Audit

"David Coderre is the ultimate expert on the use of computer–assisted audit tools and techniques. His twenty–first–century methods are revolutionizing the way audits are conducted. We have used his recommended methods in our audit practice with great success for many years. Every audit organization internal, external, governmental, SEC, or non–issuer of every size should have David′s books in use. These ideas work."
David L. Cotton, CPA, CFE, CGFM, Chairman, Cotton & Company LLP