Traditionally, auditors are often criticised because they reach conclusions based upon limited samples. It is not uncommon for an auditor to sample 30 transactions and declare either ‘a problem’ or conclude that “controls appear to be effective.” Management upon hearing this opinion of the auditor sometimes question the validity of the audit conclusions. Management generally do realise that they conduct thousands or perhaps millions of transactions a year and the auditor only sampled a handful. The auditor will then state that they conducted the sample based upon Generally Accepted Audit Standards (GAAS) and that their sample was statistically valid. It is easy for one to see that for large business with millions of individual transactions per year, the above methodology is problematic.
CAAT`s (Computer Assisted Auditing Techniques) addresses these problems. CAAT’s, as it is commonly called, is the practice of analysing large volumes of data looking for anomalies. A well designed CAAT’s audit will not be a sample, but rather a complete review of all and every single transaction/s. Using CAAT’s the auditor will extract every transaction the entity was party to, during the period reviewed.
We have just recently purchased a leading internationally recognised CAAT software tool and Mr Hebert Zata heads up the division, allowing us to perform this function. For example, using CAAT’s we can find possible fraud by comparing the banking details of your employees on your payroll database to all supplier banking details on your supplier banking database. Using this principle, we can search your entire database of inventory to identify every instance of overvalued stock at year end (which could substantially lower your taxation) Duplications, unauthorised access to the database, masterfile amendments which were not authorised and many other unique abilities which simply cannot be done if your auditor is using conventional auditing sampling techniques. When a problem is identified, we can approach management with the knowledge that we tested 100% of the transactions and that we identified 100% of the exceptions.
Another advantage of CAAT’s is that it allows us to test for specific risks. For example, an insurance company may want to ensure that it doesn’t pay any claims after a policy is terminated. Using traditional audit techniques this risk would be very difficult to test. The auditor would “randomly select” a “statistically valid” sample of claims (usually 30-50.) They would then check to see if any of those claims were processed after a policy was terminated. Since the insurance company might process millions of claims the odds that any of those 30-50 “randomly selected” claims occurred after the policy was terminated is extremely unlikely.
Using CAATs we can select every claim that had a date of service after the policy termination date. The auditor then can determine if any claims were inappropriately paid. If they were, the auditor can then figure out why the controls to prevent this failed.
Benefits of audit software include:
- They are independent of the system being audited and will use a read-only copy of the file to avoid any corruption of an organisation’s data.
- Many audit-specific routines are used such as sampling.
- Provides documentation of each test performed in the software that can be used as documentation in the auditor’s work papers.
Audit specialized software can easily perform the following functions:
- Data queries.
- Data stratification
- Sample extractions.
- Missing sequence identification.
- Statistical analysis.
- Duplicate inquires.
- Pivot tables.
- Cross tabulation