Computer-Assisted Audit Tools and Techniques

LEARNING OBJECTIVES
After studying this chapter, you should:
- Be familiar with the classes of transaction input controls used by accounting applications.
- Understand the objectives and techniques used to implement processing controls, including run-to-run, operator intervention, and audit trail controls.
- Understand the methods used to establish effective output controls for both batch and real-time systems.
- Know the difference between black box and white box auditing.
- Be familiar with the key features of the five CAATTs discussed in the chapter.

This chapter examines several issues related to the use of Computer-Assisted Audit Tools and Techniques (CAATTs) for performing tests of application controls and data extraction. It opens with a description of application controls. These fall into three broad classes: input controls, processing controls, and output controls. The chapter then examines the black box and white box approaches to testing application controls. The latter approach requires a detailed understanding of the application's logic. The CAATT approaches used for testing application logic are then examined, including the test data method, tracing, integrated test facility, and parallel simulation.

APPLICATION CONTROLS
Application controls are programmed procedures designed to deal with potential exposures that threaten specific applications, such as payroll, purchases, and cash disbursements systems. Application controls fall into three broad categories: input controls, processing controls, and output controls.

INPUT CONTROLS
The data collection component of the information system is responsible for bringing data into the system for processing. Input controls at this stage are designed to ensure that these transactions are valid, accurate, and complete. Data input procedures can be either source document-triggered (batch) or direct input (real time). Direct input employs real-time editing techniques to identify and correct errors immediately, thus significantly reducing the number of errors that enter the system.

Classes of Input Control
For presentation convenience and to provide structure to this discussion, we have divided input controls into the following broad classes:
- Source document controls
- Data coding controls
- Batch controls
- Validation controls
- Input error correction
- Generalized data input systems
These control classes are not mutually exclusive divisions. Some control techniques that we shall examine could fit logically into more than one class.

Source Document Controls. Careful control must be exercised over physical source documents in systems that use them to initiate transactions. Source document fraud can be used to remove assets from the organization. For example, an individual with access to purchase orders and receiving reports could fabricate a purchase transaction to a nonexistent supplier. If these documents are entered into the data processing stream, along with a fabricated vendor's invoice, the system could process these documents as if a legitimate transaction had taken place. In the absence of other compensating controls to detect this type of fraud, the system would create an account payable and subsequently write a check in payment.

To control against this type of exposure, the organization must implement control procedures over source documents to account for each document, as described next:

Use Prenumbered Source Documents. Source documents should come prenumbered from the printer with a unique sequential number on each document. Source document numbers permit accurate accounting of document usage and provide an audit trail for tracing transactions through accounting records. We discuss this further in the next section.

Use Source Documents in Sequence. Source documents should be distributed to the users and used in sequence. This requires that adequate physical security be maintained over the source document inventory at the user site. When not in use, documents should be locked away.
At all times, access to source documents should be limited to authorized persons.

Periodically Audit Source Documents. Reconciling document sequence numbers should identify missing source documents. Periodically, the auditor should compare the numbers of documents used to date with those remaining in inventory plus those voided due to errors. Documents not accounted for should be reported to management.

Data Coding Controls. Coding controls are checks on the integrity of data codes used in processing. A customer's account number, an inventory item number, and a chart of accounts number are all examples of data codes. Three types of errors can corrupt data codes and cause processing errors: transcription errors, single transposition errors, and multiple transposition errors. Transcription errors fall into three classes:
- Addition errors occur when an extra digit or character is added to the code. For example, inventory item number 83276 is recorded as 832766.
- Truncation errors occur when a digit or character is removed from the end of a code. In this type of error, the inventory item above would be recorded as 8327.
- Substitution errors are the replacement of one digit in a code with another. For example, code number 83276 is recorded as 83266.

There are two types of transposition errors. Single transposition errors occur when two adjacent digits are reversed. For instance, 83276 is recorded as 38276. Multiple transposition errors occur when nonadjacent digits are transposed. For example, 83276 is recorded as 87236.

Any of these errors can cause serious problems in data processing if they go undetected. For example, a sales order for customer 732519 that is transposed into 735219 will be posted to the wrong customer's account. A similar error in an inventory item code on a purchase order could result in ordering unneeded inventory and failing to order inventory that is needed. These simple errors can severely disrupt operations.
These simple errors can severely disrupt Check Digits. One method for detecting data coding errors is a check digit. A check digit is a control digit (or digits) added to the code when i fe ori nally assigned that allows the integrity of the code to be established during subsequent frocessing. ‘The check digit can be located anywhere in the codes as 4 prefix, a sul- fix, or embedded someplace in the middle. ‘The simplest form of check digit is sum the digits in the code and use this sum as the check digit. For example, for the Sustomer account code §372 the calculated check digit would be 5434742517 prodee thins the ens column tho check digit 7 is added to the original code © becomes the customey nece ei ie eRUie string of digits (including the check digi) late the check digit to enegee nt nose. During data entry, the system ean recales* transcription errors, Fane tit the code is correct, This technique will detect oa)! cntmecncel ante aan ener el ee ere 16 = 6), and ihe enor mech etklated check digit would be 6 (6.0 2.07 #22 ilently ansposition ertore: For ee eee However, this technique would fail code 35727, which stl} sin 7 Samples ransposing the first two digits yields the : 17 1nd produces the check digit 7, This error wou! 80 undetected, Scanned with CamScanner pplication Controls’ 301 There are many cheeke« Popular method od ts modulu a6 follows: sh techniques for dealing, with transposition errors. A Using the cade $372, the steps in this technique are 1 Assign weights thie een Bact init in the code is multiplied by a different weight, In ts used are $, 4,3, and 2, shown as follows: Dign Weight a inh 3 « 2 « 2. Suin the products (25 +12 421 +4 = 62) 3. Divide by the modulus. We are using modulus 11 in this case, giving 62/11 = $ with a remainder of 7. 4. Subtract the remainder from the modulus to obtain the check diget (11-7 24 Icheck digit). 5. Add the check digit to the original code to yield the new code: 53724. 

Using this technique to recalculate the check digit during processing, a transposition error in the code will produce a check digit other than 4. For example, if the preceding code were incorrectly entered as 35724, the recalculated check digit would be 6.

When Should Check Digits Be Used? The use of check digits introduces storage and processing inefficiencies and therefore should be restricted to essential data, such as primary and secondary key fields. All check digit techniques require one or more additional spaces in the field to accommodate the check digit. In the case of modulus 11, if step three above produces a remainder of 1, the check digit of 10 will require two additional character spaces. If field length is a limitation, one way of handling this problem is to disallow codes that generate the check digit 10. This would restrict the range of available codes by about 9 percent.

Batch Controls. Batch controls are an effective method of managing high volumes of transaction data through a system. The objective of batch control is to reconcile output produced by the system with the input originally entered into the system. This provides assurance that:
- All records in the batch are processed.
- No records are processed more than once.
- An audit trail of transactions is created from input through processing to the output stage of the system.

Batch control is not exclusively an input control technique. Controlling the batch continues through all phases of the system. We are treating this topic here because batch control is initiated at the input stage.

Achieving batch control objectives requires grouping similar types of input transactions (such as sales orders) together in batches and then controlling the batches throughout data processing. Two documents are used to accomplish this task: a batch transmittal sheet and a batch control log. Figure 7-1 shows an example of a batch transmittal sheet. The batch transmittal sheet captures relevant information such as the following about the batch:
- A unique batch number
- A batch date
- A transaction code (indicating the type of transactions, such as a sales order or cash receipt)
- The number of records in the batch (record count)
- The total dollar value of a financial field (batch control total)
- The total of a unique nonfinancial field (hash total)

[Figure 7-1: Batch Transmittal Sheet]

Usually, the batch transmittal sheet is prepared by the user department and is submitted to data control along with the batch of source documents. Sometimes, the data control clerk, acting as a liaison between the users and the data processing department, prepares the transmittal sheet. Figure 7-2 illustrates the batch control process.

[Figure 7-2: Batch Control Process]

The data control clerk receives transactions from users assembled in batches of 40 to 50 records. The clerk assigns each batch a unique number, date-stamps the documents, and calculates (or recalculates) the batch control numbers, such as the total dollar amount of the batch and a hash total (discussed later). The clerk enters the batch control information in the batch control log and submits the batch of documents, along with the transmittal sheet, to the data entry department. Figure 7-3 shows a sample batch control log.

[Figure 7-3: Batch Control Log]

The data entry group codes and enters the transmittal sheet data onto the transaction file, along with the batch of transaction records. The transmittal data may be added as an additional record in the file or placed in the file's internal label (internal labels are discussed later in this section). The transmittal sheet becomes the batch control record and is used to assess the integrity of the batch during processing. For example, the data entry procedure will recalculate the batch control totals to make sure the batch is in balance. The transmittal record shows a batch of 50 sales order records with a total dollar value of $122,674.87 and a hash total of 4537838. At various points throughout and at the end of processing, these amounts are recalculated and compared to the batch control record. If the procedure recalculates the same amounts, the batch is in balance.

After processing, the output results are sent to the data control clerk for reconciliation and distribution to the user. The clerk updates the batch control log to record that processing of the batch was completed successfully.

Hash Totals.
The term hash total, which was used in the preceding discussion, refers to a simple control technique that uses nonfinancial data to keep track of the records in a batch. Any key field, such as a purchase order number or an inventory item number, may be used to calculate a hash total. In the following example, the sales order number (SO#) field for an entire batch of sales order records is summed to produce a hash total.

   SO#
   14327
   67345
   19983
   ...
   88943
   96543
   4537838 (hash total)

Let's see how this seemingly meaningless number can be of use. Assume that after this batch of records leaves data control, someone replaced one of the sales orders in the batch with a fictitious record of the same dollar amount. How would the batch control procedures detect this irregularity? Both the record count and the dollar amount control totals would be unaffected by this act. However, unless the perpetrator obtained a source document with exactly the same sales order number (which would be impossible, since they should come uniquely prenumbered from the printer), the hash total calculated by the batch control procedures would not balance. Thus, the irregularity would be detected.

Validation Controls. Input validation controls are intended to detect errors in transaction data before the data are processed. Validation procedures are most effective when they are performed as close to the source of the transaction as possible. However, depending on the type of CBIS in use, input validation may occur at various points in the system. For example, some validation procedures require making references against the current master file. CBISs using real-time processing or batch processing with direct access master files can validate data at the input stage. Figure 7-4(a) and (b) illustrate these techniques.

If the CBIS uses batch processing with sequential files, the transaction records being validated must first be sorted in the same order as the master file. Validating at the data input stage in this case may require considerable additional processing.
Therefore, as a practical matter, each processing module prior to updating the master file record performs some validation procedures. This approach is shown in Figure 7-5.

The problem with this technique is that a transaction may be partially processed before data errors are detected. Dealing with a partially complete transaction will require special error-handling procedures. We shall discuss error-handling controls later in this section.

There are three levels of input validation controls:
1. Field interrogation
2. Record interrogation
3. File interrogation

[Figure 7-4: Validation During Data Input. Panel (b): Validation in a Batch-Direct Access System]

Field Interrogation. Field interrogation involves programmed procedures that examine the characteristics of the data in the field. The following are some common types of field interrogation.

Missing data checks are used to examine the contents of a field for the presence of blank spaces. Some programming languages are restrictive as to the justification (right or left) of data within the field. If data are not properly justified or if a character is missing (has been replaced with a blank), the value in the field will be improperly processed. In some cases, the presence of blanks in a numeric data field may cause a system failure. When the validation program detects a blank where it expects to see a data value, this will be interpreted as an error.

Numeric-alphabetic data checks determine whether the correct form of data is in a field. For example, a customer's account balance should not contain alphabetic data. As with blanks, alphabetic data in a numeric field may cause serious processing errors.

Zero-value checks are used to verify that certain fields are filled with zeros. Some program languages require that fields used in mathematical operations be initiated with zeros prior to processing. This control may trigger an automatic corrective control to replace the contents of the field with zero if it detects a nonzero value.

Limit checks determine if the value in the field exceeds an authorized limit. For example, assume the firm's policy is that no employee works more than 44 hours per week. The payroll system validation program can interrogate the hours-worked field in the weekly payroll records for values greater than 44.

Range checks assign upper and lower limits to acceptable data values. For example, if the range of pay rates for hourly employees in a firm is between 8 and 20 dollars, all payroll records can be checked to see that this range is not exceeded. The purpose of this control is to detect keystroke errors that shift the decimal point one or more places. It would not detect an error where a correct pay rate of, say, 9 dollars is incorrectly entered as 15 dollars.

[Figure 7-5: Validation in Batch Sequential File System. Note: For simplification, the necessary re-sorting of the transaction file between update processes is not shown.]

Validity checks compare actual values in a field against known acceptable values. This control is used to verify such things as transaction codes, state abbreviations, or employee job skill codes. If the value in the field does not match one of the acceptable values, the record is determined to be in error.

This is a frequently used control in cash disbursement systems.
One form of cash disbursement fraud involves manipulating the system into making a fraudulent payment to a nonexistent vendor. To prevent this, the firm may establish a list of valid vendors with whom it does business exclusively. Thus, before payment, the vendor number on the cash disbursement voucher is matched against the valid vendor list by the validation program. If the code does not match, payment is denied, and management reviews the transaction.

Check digit controls identify keystroke errors in key fields by testing the internal validity of the code. We discussed this control technique earlier in the section.

Record Interrogation. Record interrogation procedures validate the entire record by examining the interrelationship of its field values. Some typical tests are discussed below.

Reasonableness checks determine if a value in one field, which has already passed a limit check and a range check, is reasonable when considered along with other data fields in the record. For example, an employee's pay rate of 18 dollars per hour falls within an acceptable range. However, this rate is excessive when compared to the employee's job skill code of 693; employees in this skill class never earn more than 12 dollars per hour.

Sign checks are tests to see if the sign of a field is correct for the type of record being processed.

Sequence checks are used to determine if a record is out of order. In batch systems that use sequential master files, the transaction files being processed must be sorted in the same order as the primary keys of the corresponding master file.

File Interrogation. The purpose of file interrogation is to ensure that the correct file is being processed by the system. These controls are particularly important for master files, which contain permanent records of the firm and which, if destroyed or corrupted, are difficult to replace.
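
The field and record interrogation checks described above, sketched as an added Python example (it is not part of the original chapter). The limits 44, 8 to 20, and the 12-dollar cap for skill code 693 come from the text; the field names, skill code 201, and the sample payroll records are constructed.

```python
"""Field and record interrogation over a small payroll batch (added example)."""
from __future__ import annotations

import re


def _num(rec, fld):
    """Field value as a float, or None when blank or not strictly numeric."""
    value = rec.get(fld, "")
    return float(value) if re.fullmatch(r"\d+(\.\d+)?", value) else None


# Each factory returns a check; a check returns an error message or None.
def numeric(fld):
    """Missing data and numeric-alphabetic check for one field."""
    def check(rec):
        if _num(rec, fld) is None:
            return f"{fld}: missing or not numeric ({rec.get(fld, '')!r})"
    return check


def limit_check(fld, limit):
    def check(rec):
        value = _num(rec, fld)
        if value is not None and value > limit:
            return f"{fld}: {value:g} exceeds limit {limit:g}"
    return check


def range_check(fld, low, high):
    def check(rec):
        value = _num(rec, fld)
        if value is not None and not low <= value <= high:
            return f"{fld}: {value:g} outside range {low:g} to {high:g}"
    return check


def validity_check(fld, allowed):
    def check(rec):
        if rec.get(fld) not in allowed:
            return f"{fld}: {rec.get(fld)!r} is not an accepted value"
    return check


def reasonableness(fld, key_fld, caps):
    """Record interrogation: the cap on fld depends on another field."""
    def check(rec):
        value, cap = _num(rec, fld), caps.get(rec.get(key_fld))
        if value is not None and cap is not None and value > cap:
            return f"{fld}: {value:g} exceeds {cap:g} for {key_fld} {rec[key_fld]}"
    return check


PAYROLL_CHECKS = [
    numeric("HOURS"),
    numeric("HOURLY_RATE"),
    limit_check("HOURS", 44),                        # no more than 44 hours
    range_check("HOURLY_RATE", 8, 20),               # pay range in the text
    validity_check("SKILL_CODE", {"693", "201"}),    # 201 is constructed
    reasonableness("HOURLY_RATE", "SKILL_CODE", {"693": 12}),
]

BATCH = [  # constructed sample records; every field arrives as text
    {"EMP_ID": "E1", "HOURS": "40", "HOURLY_RATE": "11.50", "SKILL_CODE": "693"},
    {"EMP_ID": "E2", "HOURS": "52", "HOURLY_RATE": "14", "SKILL_CODE": "201"},
    {"EMP_ID": "E3", "HOURS": "38", "HOURLY_RATE": "150", "SKILL_CODE": "201"},
    {"EMP_ID": "E4", "HOURS": "40", "HOURLY_RATE": "18", "SKILL_CODE": "693"},
    {"EMP_ID": "E5", "HOURS": "4O", "HOURLY_RATE": "9", "SKILL_CODE": "999"},
]


def validate_batch(batch, checks):
    """Return (accepted records, {EMP_ID: [error messages]})."""
    accepted, errors = [], {}
    for rec in batch:
        problems = [msg for check in checks if (msg := check(rec))]
        if problems:
            errors[rec.get("EMP_ID")] = problems
        else:
            accepted.append(rec)
    return accepted, errors


if __name__ == "__main__":
    ok, bad = validate_batch(BATCH, PAYROLL_CHECKS)
    print("accepted:", [r["EMP_ID"] for r in ok])
    for emp_id, problems in bad.items():
        print(emp_id, "->", "; ".join(problems))
```

Record E4 passes the range check and is caught only by the reasonableness check, and a rate of 9 dollars mistyped as 15 would pass every check in the list.
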

Internal label checks verify that the file processed is the one the program is actually calling for. Files stored on magnetic tape are usually kept off-line in a tape library. These files have external labels that identify them (by name and serial number) to the tape librarian and operator. External labeling is typically a manual procedure and, like any manual task, prone to errors. Sometimes, the wrong external label is mistakenly affixed to a file when it is created. Thus, when the file is called for again, the wrong file will be retrieved and placed on the tape drive for processing. Depending on how the file is being used, this may result in its destruction or corruption. To prevent this, the operating system creates an internal header label that is placed at the beginning of the file. An example of a header label is in Figure 7-6.

To ensure that the correct file is about to be processed, the system matches the file name and serial number in the header label with the program's file requirements. If the wrong file has been loaded, the system will send the operator a message and suspend processing. Label checking is generally a standard feature, but it can be overridden by programmers and operators.

Version checks are used to verify that the version of the file being processed is correct. In a grandparent-parent-child approach, many versions of master files and transactions may exist. The version check compares the version number of the files being processed with the program's requirements.

An expiration date check protects a file from being scratched before its retention period ends. Once an adequate number of backup files is created, the oldest backup file is scratched (erased from the disk or tape) to provide space for new files. Figure 7-7 illustrates this procedure.

[Figure 7-6: Header Label on Magnetic Tape. Label fields: Tape Serial Number, File Name, Expiration Date, Control Totals, Number of Records; followed by Record 1, Record 2, ..., Record n]

To protect against destroying an active file by mistake, the system first checks the expiration date contained in the header label (see Figure 7-6). If the retention period has not yet expired, the system will generate an error message and abort the scratch procedure. Expiration date control is an optional measure. The length of the retention period is specified by the programmer and based on the number of backup files that are desired. If the programmer chooses not to specify an expiration date, the control against such accidental deletion is eliminated.

[Figure 7-7: Scratch Tape Approach Using Retention Date]

Input Error Correction. When errors are detected in a batch, they must be corrected and the records resubmitted for reprocessing. This must be a controlled process to ensure that errors are dealt with completely and correctly. There are three common error handling techniques: (1) correct immediately, (2) create an error file, and (3) reject the entire batch.

Correct Immediately. If the system is using the direct data validation approach (refer to Figure 7-4(a) and (b)), error detection and correction can also take place during data entry. Upon detecting a keystroke error or an illogical relationship, the system should halt the data entry procedure until the user corrects the error.

Create an Error File. When delayed validation is being used, such as in batch systems with sequential files, individual errors should be flagged to prevent them from being processed. At the end of the validation procedure, the records flagged as errors are removed from the batch and placed in a temporary error holding file until the errors can be investigated.
Some errors can be detected during data input procedures. However, as was mentioned earlier, the update module performs some validation tests. Thus, error records may be placed on the error file at several different points in the process, as illustrated by Figure 7-8. At each validation point, the system automatically adjusts the batch control totals to reflect the removal of the error records from the batch. In a separate procedure, an authorized user representative will later make corrections to the error records and resubmit them as a separate batch for reprocessing.

[Figure 7-8: Use of Error File in Batch Sequential File System with Multiple Resubmission Points]

Errors detected during processing require careful handling. These records may already be partially processed. Therefore, simply resubmitting the corrected records to the system via the data input stage may result in processing portions of these transactions twice. There are two methods for dealing with this complexity. The first is to reverse the effects of the partially processed transactions and resubmit the corrected records to the data input stage. The second is to reinsert corrected records to the processing stage in which the error was detected. In either case, batch control procedures (preparing batch control records and logging the batches) apply to the resubmitted data, just as they do for normal batch processing.

Reject the Batch. Some forms of errors are associated with the entire batch and are not clearly attributable to individual records. An example of this type of error is an imbalance in a batch control total.
Assume that the transmittal sheet for a batch of sales orders shows a total sales value of $122,674.87, but the data input procedure calculated a sales total of only $121,454.32. What has caused this? Is the problem a missing or changed record? Or did the data control clerk incorrectly calculate the batch control total? The most effective solution in this case is to cease processing and return the entire batch to data control to evaluate, correct, and resubmit.

Batch errors are one reason for keeping the size of the batch to a manageable number. Too few records in a batch make batch processing inefficient. Too many records make error detection difficult, create greater business disruption, and increase the possibility of mistakes when calculating control totals.

Generalized Data Input Systems. To achieve a high degree of control and standardization over input validation procedures, some organizations employ a generalized data input system (GDIS). This technique includes centralized procedures to manage the data input for all of the organization's transaction processing systems. The GDIS approach has three advantages. First, it improves control by having one common system perform all data validation. Second, GDIS ensures that a consistent standard for data validation is applied. Third, GDIS improves systems development efficiency. Given the high degree of commonality in input validation requirements for AIS applications, GDIS eliminates the need to re-create redundant routines for each new application. Figure 7-9 shows the primary features of this technique.

A GDIS has five major components:¹
1. Generalized validation module
2. Validated data file
3. Error file
4. Error reports
5. Transaction log

Generalized Validation Module. The generalized validation module (GVM) performs standard validation routines that are common to many different applications. These routines are customized to an individual application's needs through parameters that specify the program's specific requirements. For example, the GVM may apply a range check to the HOURLY RATE field of payroll records.
The limits of the range are 6 dollars and 15 dollars. The range test is the generalized procedure; the dollar limits are the parameters that customize this procedure. The validation procedures for some applications may be so unique as to defy a general solution. To meet the goals of the generalized data input system, the GVM must be flexible enough to permit special user-defined procedures for unique applications. These procedures are stored, along with generalized procedures, and invoked by the GVM as needed.

[Figure 7-9: Generalized Data Input System]

¹ Ron Weber, EDP Auditing: Conceptual Foundations and Practice, 2d ed. (New York: McGraw-Hill).

Validated Data File. The input data that are validated by the GVM are stored on a validated data file. This is a temporary holding file through which validated transactions flow to their respective applications. The file is analogous to a tank of water whose level is constantly changing, as it is filled from the top by the GVM and emptied from the bottom by applications.

Error File. The error file in the GDIS plays the same role as a traditional error file. Error records detected during validation are stored in the file, corrected, and then resubmitted to the GVM.

Error Reports. Standardized error reports are distributed to users to facilitate error correction. For example, if the HOURLY RATE field in a payroll record fails a range check, the error report will display an error message stating the problem. The report will also present the contents of the failed record, along with the acceptable range limits taken from the parameters.

Transaction Log.
The transaction log is a permanent record of all validated transactions. From an accounting records point of view, the transaction log is equivalent to the journal and is an important element in the audit trail. However, only successful transactions (those that will be completely processed) should be entered in the journal. If a transaction is to undergo additional validation testing during the processing phase (which could result in its rejection), it should be entered in the transaction log only after it is completely validated. This issue is discussed further in the next section under Audit Trail Controls.

PROCESSING CONTROLS
After passing through the data input stage, transactions enter the processing stage of the system. Processing controls are divided into three categories: run-to-run controls, operator intervention controls, and audit trail controls.

Run-to-Run Controls
Previously, we discussed the preparation of batch control figures as an element of input control. Run-to-run controls use batch figures to monitor the batch as it moves from one programmed procedure (run) to another. These controls ensure that each run in the system processes the batch correctly and completely. Batch control figures may be contained in either a separate control record created at the data input stage or an internal label. Specific uses of run-to-run control figures are described in the following paragraphs.

Recalculate Control Totals. After each major operation in the process and after each run, dollar amount fields, hash totals, and record counts are accumulated and compared to the corresponding values stored in the control record. If a record in the batch is lost, goes unprocessed, or is processed more than once, this will be revealed by the discrepancies between these figures.

Transaction Codes.
The transaction code of each record in the batch is compared to the transaction code contained in the control record. This ensures that only the correct type of transaction is being processed.

Sequence Checks. In systems that use sequential master files, the order of the transaction records in the batch is critical to correct and complete processing. As the batch moves through the process, it must be re-sorted in the order of the master file used in each run. The sequence check control compares the sequence of each record in the batch with the previous record to ensure that proper sorting took place.

Figure 7-10 illustrates the use of run-to-run controls in a revenue cycle system. This application comprises four runs: (1) data input, (2) accounts receivable update, (3) inventory update, and (4) output. At the end of the accounts receivable run, batch control figures are recalculated and reconciled with the control totals passed from the data input run. These figures are then passed to the inventory update run, where they are again recalculated, reconciled, and passed to the output run. Errors detected in each run are flagged and placed in an error file. The run-to-run (batch) control figures are then adjusted to reflect the deletion of these records.

[Figure 7-10: Run-to-Run Controls]

Operator Intervention Controls
Systems sometimes require operator intervention to initiate certain actions, such as entering control totals for a batch of records, providing parameter values for logical operations, and activating a program from a different point when reentering semi-processed error records. Operator intervention increases the potential for human error. Systems that limit operator intervention through operator intervention controls are thus less prone to processing errors. Although it may be impossible to eliminate operator involvement completely, parameter values and program start points should, to the extent possible, be derived logically or provided to the system through look-up tables.

Audit Trail Controls
The preservation of an audit trail is an important objective of process control. In an accounting system, every transaction must be traceable through each stage of processing from its economic source to its presentation in financial statements. In a CBIS environment, the audit trail can become fragmented and difficult to follow. It thus becomes critical that each major operation applied to a transaction be thoroughly documented. The following are examples of techniques used to preserve audit trails in a CBIS.

Transaction Logs. Every transaction successfully processed by the system should be recorded on a transaction log, which serves as a journal. Figure 7-11 shows this arrangement.

[Figure 7-11: Transaction Log to Preserve the Audit Trail]

There are two reasons for creating a transaction log. First, the transaction log is a permanent record of transactions. The validated transaction file produced at the data input phase is usually a temporary file. Once processed, the records on this file are erased (scratched) to make room for the next batch of transactions. Second, not all of the records in the validated transaction file may be successfully processed. Some of these records may fail tests in the subsequent processing stages. A transaction log should contain only successful transactions; unsuccessful transactions should be placed in an error file. The transaction log and the error file together should account for all the transactions in the batch. The validated transaction file may then be scratched with no loss of data.
ould produce a hard copy trancanion listing of all successful se listings should go to the appropriate users to facilitate reconcil- ‘action file may then be ser: ie system I transactions. The: Log of Automatic Transactions. Some transactions are triggered internally by the 7 An example of this is when inventory drops below a preset reorder point, and ee rem automatically processes a purchase order To maintain an audit trail of these cavities, all internally generated transactions must be placed in a transaction log. Listing of Automatic Transactions. To maintain control over automatic trans- actions processed by the sy acti e ‘stem, the responsible end user should receive a detailed listing of all internally generated trancareions, Unique Transaction Identifiers. Each transaction Processed by the system must be uniquely identified with a transaction number The he only practical means of tracing a particular transaction through a database of thousands or even millions Of records. In systems that use physical source documents, the unique number Printed on the document can be transcribed during data input and used for chin pur- Pose. In real-time systems, which do not use source documents, the ester shield assign each transaction a unique number Ervor Listing. A listing of all error records should 80 to the appropriate user to support error correction and resubmission. Output controls ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sore can cause serious distey- tions to operations and may resul in financial loses to a firm. For example, if the checks produced by a firms cash disbursements system are lost, misdirected, or destroyed, trade accounts and other bills may go unpaid. This could damage the fms credit rating and reskin lst discounts, interest, or penal charges. 
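The run-to-run controls described earlier in this section (recalculated control totals, transaction-code checks, sequence checks, and adjustment of the control figures for rejected records) are shown here working on a small batch as it passes through the four runs. This is an added example, not code from the book; the record layout, the "SALE" and "CASH" codes, and the sample batch are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    account: int      # key; the batch must be in master-file (ascending) order
    code: str         # transaction code
    amount: Decimal


@dataclass(frozen=True)
class Control:
    txn_code: str
    record_count: int
    dollar_total: Decimal
    hash_total: int   # sum of account numbers; meaningless except as a check figure


def figures(batch):
    """Recalculate record count, dollar total and hash total from the records present."""
    return (len(batch),
            sum((t.amount for t in batch), Decimal("0")),
            sum(t.account for t in batch))


def make_control(batch, txn_code):
    """Data input run: create the control record that travels with the batch."""
    return Control(txn_code, *figures(batch))


def reconcile(batch, control):
    """Later runs: return {figure: (expected, found)} for every figure that disagrees."""
    found = dict(zip(("record_count", "dollar_total", "hash_total"), figures(batch)))
    return {k: (getattr(control, k), v) for k, v in found.items()
            if getattr(control, k) != v}


def edit_checks(batch, control):
    """Transaction-code and sequence checks. Rejected records go to the error
    file, and the control figures are reduced by exactly those records."""
    good, error_file, prev = [], [], None
    for t in batch:
        if t.code != control.txn_code:
            error_file.append((t, "wrong transaction code"))
        elif prev is not None and t.account < prev:
            error_file.append((t, "record out of sequence"))
        else:
            good.append(t)
            prev = t.account
    n, dollars, hsh = figures([t for t, _ in error_file])
    adjusted = Control(control.txn_code, control.record_count - n,
                       control.dollar_total - dollars, control.hash_total - hsh)
    return good, error_file, adjusted


# Constructed sales batch for illustration.
BATCH = [
    Txn(1001, "SALE", Decimal("250.00")),
    Txn(1004, "SALE", Decimal("75.50")),
    Txn(1002, "SALE", Decimal("19.99")),    # out of sequence
    Txn(1007, "CASH", Decimal("500.00")),   # wrong type for a sales batch
    Txn(1009, "SALE", Decimal("310.25")),
]


def run_cycle(batch=BATCH):
    control = make_control(batch, "SALE")                      # run 1: data input
    good, error_file, control = edit_checks(batch, control)    # run 2: AR update
    after_ar = reconcile(good, control)                        # clean: {}
    dropped = good[:-1]          # constructed fault: a record is lost before run 3
    at_inventory = reconcile(dropped, control)                 # run 3: inventory update
    doubled = good + good[:1]    # constructed fault: a record is processed twice
    at_output = reconcile(doubled, control)                    # run 4: output
    return error_file, control, after_ar, at_inventory, at_output


if __name__ == "__main__":
    for part in run_cycle():
        print(part)
```

Because the control record is adjusted by subtracting the rejected records rather than by recounting the survivors, a record that silently disappears between runs still shows up as a discrepancy.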
If the privacy of certain types of output is violated, a firm could have its business objectives compromised, or it could even become legally exposed. Examples of privacy exposures include the disclosure of trade secrets, patents pending, marketing research results, and patient medical records.

The type of processing method in use influences the choice of controls employed to protect system output. Generally, batch systems are more susceptible to exposure and require a greater degree of control than real-time systems. In this section, we examine output exposures and controls for both methods.

Controlling Batch Systems Output

[...] output in the form of hard copy, which typically [...] and distribution. Figure 7-12 shows the stages in the output process and serves as the basis for the rest of this section.

[Figure 7-12: Stages in the Output Process]

The output is removed from the printer by the computer operator, separated into sheets and separated from other reports, reviewed for correctness by the data control clerk, and then sent through interoffice mail to the end user. Each stage in this process is a point of potential exposure where the output could be reviewed, stolen, copied, or misdirected. An additional exposure exists when processing or printing goes wrong and produces output that is unacceptable to the end user. These corrupted or partially damaged reports are often discarded in waste cans. Computer criminals have successfully used such waste to achieve their illicit objectives.

Following, we examine techniques for controlling each phase in the output process. Keep in mind that not all of these techniques will necessarily apply to every item of output produced by the system. As always, controls are employed on a cost-benefit basis that is determined by the sensitivity of the data in the reports.

Output Spooling.
In large-scale data-processing operations, output devices such as line printers can become backlogged with many programs simultaneously demanding these limited resources. This backlog can cause a bottleneck, which adversely affects the throughput of the system. Applications waiting to print output occupy computer memory and block other applications from entering the processing stream. To ease this burden, applications are often designed to direct their output to a magnetic disk file rather than to the printer directly. This is called output spooling. Later, when printer resources become available, the output files are printed.

The creation of an output file as an intermediate step in the printing process presents an added exposure. A computer criminal may use this opportunity to perform any of the following unauthorized acts:

• Access the output file and change critical data values (such as dollar amounts on checks). The printer program will then print the corrupted output as if it were produced by the output run. Using this technique, a criminal may effectively circumvent the processing controls designed into the application.
• Access the file and change the number of copies of output to be printed. The extra copies may then be removed without notice during the printing stage.
• Make a copy of the output file to produce illegal output reports.
• Destroy the output file before output printing takes place.

The auditor should be aware of these potential exposures and ensure that proper access and backup procedures are in place to protect output files.

Print Programs. When the printer becomes available, the print run program produces hard copy output from the output file. Print programs are often complex systems that require operator intervention. Four common types of operator actions follow:

1. Pausing the print program to load the correct type of output documents (check stocks, invoices, or other special forms).
2. Entering parameters needed by the print run, such as the number of copies to be printed.
3. Restarting the print run at a prescribed checkpoint after a printer malfunction.
4. Removing printed output from the printer for review and distribution.

Print program controls are designed to deal with two types of exposures presented by this environment: (1) the production of unauthorized copies of output and (2) employee browsing of sensitive data. Some print programs allow the operator to specify more copies of output than the output file calls for, which allows for the possibility of producing unauthorized copies of output. One way to control this is to employ output document controls similar to the source document controls discussed earlier. This is feasible when dealing with prenumbered invoices for billing customers or prenumbered check stock. At the end of the run, the number of copies specified by the output file can be reconciled with the actual number of output documents used. In cases where output documents are not prenumbered, supervision may be the most effective control technique. A security officer can be present during the printing of sensitive output.

To prevent operators from viewing sensitive output, special multipart paper can be used, with the top copy colored black to prevent the print from being read. This type of product, which is illustrated in Figure 7-13, is often used for payroll check printing. The receiver of the check separates the top copy from the body of the check, which contains readable details. An alternative privacy control is to direct the output to a special remote printer that can be closely supervised.

[Figure 7-13]

Bursting. When output reports are removed from the printer, they go to the bursting stage to have their pages separated and collated. The concern here is that the bursting clerk may make an unauthorized copy of the report, remove a page from the report, or read sensitive information. The primary control against these exposures is [...] sensitive reports, bursting may be performed by the end user.

Waste. Computer [...] dispose of aborted [...] during bursting [...] trash cans searching [...] be of no value. [...] a key piece of [...] credit ratings of its customers, or [...] secrets that they can sell [...]. Computer waste is also a source [...] tables, which a perpetrator may use to access the [...]. [...] through a paper shredder can easily destroy sensitive computer output.

[...] control figures for balance; [...] and record the [...]. For reports containing [...]. In this case, the report [...]

Report Distribution. The primary risks associated with report distribution include reports being lost, stolen, or misdirected in transit to the user. A number of control measures can minimize these exposures. For example, when reports are generated, the name and address of the user should be printed on the report. For multicopy reports, an address file of authorized users [...] the following distribution [...]:

• The reports may be placed in a secure mailbox to which only [...]
• The user may be required to appear in person at the distribution center and sign for the report.
• A security officer or special courier may deliver the report to the user.

End User Controls. Once in the hands of the user, output reports should be reexamined for any errors that may have evaded the data control clerk's review. Users are in a far better position to identify subtle errors in reports that are not disclosed by an imbalance in control totals. Errors detected by the user should be reported to the appropriate computer services management. Such errors may be symptoms of an improper systems design, incorrect procedures, errors inserted by accident during systems maintenance, or unauthorized access to data files or programs. Once a report has served its purpose, it should be stored in a secure location until its retention period has expired. Factors influencing the length of time a hard copy report is retained include:

• Statutory requirements specified by government agencies, such as the IRS.
• The number of copies of the report in existence. When there are multiple copies, certain of these may be marked for permanent retention, while the remainder can be destroyed after use.
• The existence of magnetic or optical images of reports that can act as permanent backup.

When the retention date has passed, reports should be destroyed in a manner consistent with the sensitivity of their contents. Highly sensitive reports should be shredded.

Controlling Real-Time Systems Output

Real-time systems direct their output to the user's computer screen, terminal, or printer. This method of distribution eliminates the various intermediaries in the journey from the computer center to the user and thus reduces many of the exposures previously discussed. The primary threat to real-time output is the interception, disruption, destruction, or corruption of the output message as it passes along the communications link. This threat comes from two types of exposures: (1) exposures from equipment failure and (2) exposures from subversive acts, whereby a computer criminal intercepts the output message transmitted between the sender and the receiver. Techniques for controlling communications exposures were discussed previously in Chapter 5.

TESTING COMPUTER APPLICATION CONTROLS
This section examines several techniques for auditing computer applications. Control testing techniques provide information about the accuracy and completeness of an application's processes. These tests follow two general approaches: (1) the black box (around the computer) approach and (2) the white box (through the computer) approach. We first examine the black box approach and then review several white box testing techniques.

BLACK-BOX APPROACH

Auditors testing with the black-box approach do not rely on a detailed knowledge of the application's internal logic. Instead, they seek to understand the functional characteristics of the application by analyzing flowcharts and interviewing knowledgeable personnel in the client's organization. With an understanding of what the application is supposed to do, the auditor tests the application by reconciling production input transactions processed by the application with output results. The output results are analyzed to verify the application's compliance with its functional requirements. Figure 7-14 illustrates the black box approach.

[Figure 7-14: Auditing around the Computer—The Black Box Approach]

The advantage of the black-box approach is that the application need not be removed from service and tested directly. This approach is feasible for testing applications that are relatively simple. However, complex applications—those that receive input from many sources, perform a variety of operations, or produce multiple outputs—require a more focused testing approach to provide the auditor with evidence of application integrity.

WHITE-BOX APPROACH

The white-box approach relies on an in-depth understanding of the internal logic of the application being tested. The white-box approach includes several techniques for testing application logic directly. These techniques use small numbers of specially created test transactions to verify specific aspects of an application's logic and controls. In this way, auditors are able to conduct precise tests, with known variables, and obtain results that they can compare against objectively calculated results. Some of the more common types of tests of controls include the following:

• Authenticity tests, which verify that an individual, a programmed procedure, or a message (such as an EDI transmission) attempting to access a system is authentic. Authenticity controls include user IDs, passwords, valid vendor codes, and authority tables.
• Accuracy tests, which ensure that the system processes only data values that conform to specified tolerances. Examples include range tests, field tests, and limit tests.
• Completeness tests, which identify missing data within a single record and entire records missing from a batch. The types of tests performed are field tests, record sequence tests, hash totals, and control totals.
• Redundancy tests, which determine that an application processes each record only once. Redundancy controls include the reconciliation of batch totals, record counts, hash totals, and financial control totals.
• Access tests, which ensure that the application prevents authorized users from unauthorized access to data. Access controls include passwords, authority tables, user-defined procedures, data encryption, and inference controls.
• Audit trail tests, which ensure that the application creates an adequate audit trail. This includes evidence that the application records all transactions in a transaction log, posts data values to the appropriate accounts, produces complete transaction listings, and generates error files and reports for all exceptions.
• Rounding error tests, which verify the correctness of rounding procedures. Rounding errors occur in accounting information when the level of precision used in the calculation is greater than that used in the reporting. For example, interest calculations on bank account balances may have a precision of five decimal places, whereas only two decimal places are needed to report balances. If the remaining three decimal places are simply dropped, the total interest calculated for the total number of accounts may not equal the sum of the individual calculations.

Figure 7-15 shows the logic for handling the rounding error problem. This technique uses an accumulator to keep track of the rounding differences between calculated and reported balances. Note how the sign and the absolute value of the amount in the accumulator determines how the customer account is affected by rounding. To illustrate, the rounding logic is applied in Table 7-1 to three hypothetical bank balances. The interest calculations are based on an interest rate of 5.25 percent.

[Figure 7-15: Rounding Error Algorithm. Source: Adapted from R. Weber, EDP Auditing: Conceptual Foundations and Practice, 2d ed. (New York: McGraw-Hill, 1988), p. 493.]

Failure to properly account for this rounding difference can result in an imbalance between the total (control) interest amount and the sum of the individual interest calculations for each account. Poor accounting for rounding differences can also present an opportunity for fraud.

Table 7-1

Record 1
  Beginning accumulator balance    .00861
  Beginning account balance        2,741.78
  Calculated interest              143.94345
  New account balance              2,885.72345
  Rounded account balance          2,885.72
  Adjusted accumulator balance     .01206 (.00345 + .00861)
  Ending account balance           2,885.73 (round up 1 cent)
  Ending accumulator balance       .00206 (.01206 - .01)

Record 2
  Beginning accumulator balance    .00206
  Beginning account balance        1,893.44
  Calculated interest              99.4056
  New account balance              1,992.8456
  Rounded account balance          1,992.85
  Adjusted accumulator balance     -.00234 (.00206 - .0044)
  Ending account balance           1,992.85 (no change)
  Ending accumulator balance       -.00234

Record 3
  Beginning accumulator balance    -.00234
  Beginning account balance        7,423.34
  Calculated interest              389.72535
  New account balance              7,813.06535
  Rounded account balance          7,813.07
  Adjusted accumulator balance     -.00699 (-.00234 - .00465)
  Ending account balance           7,813.06 (round down 1 cent)
  Ending accumulator balance       .00699

Rounding programs are particularly susceptible to salami frauds. Salami frauds tend to affect a large number of victims, but the harm to each is immaterial. This type of fraud takes its name from the analogy of slicing a large salami (the fraud objective) into many thin pieces. Each victim assumes one of these small pieces and is unaware of being defrauded. For example, a programmer, or someone with access to the preceding rounding program, can perpetrate a salami fraud by modifying the rounding logic as follows: at the point in the process where the algorithm should increase the customer's account (that is, the accumulator value > +.01), the program instead adds one cent to another account—the perpetrator's account. Although the absolute amount of each fraud transaction is small, given the thousands of accounts processed, the total amount of the fraud can become significant over time.

Operating system audit trails and audit software can detect excessive file activity. In the case of the salami fraud, there would be thousands of entries into the computer criminal's personal account that may be detected in this way. A clever programmer may disguise this activity by funneling these entries through several intermediate temporary accounts, which are then posted to a smaller number of intermediate accounts and finally to the programmer's personal account.
By using many levels of accounts in this way, the activity to any single account is reduced and may go undetected by the audit software. There will be a trail, but it can be complicated. A skilled auditor may also use audit software to detect the existence of unauthorized intermediate accounts used in such a fraud.

COMPUTER-AIDED AUDIT TOOLS AND TECHNIQUES FOR TESTING CONTROLS

To illustrate how application controls are tested, this section describes five CAATT approaches: the test data method, which includes base case system evaluation and tracing, integrated test facility, and parallel simulation.

TEST DATA METHOD

The test data method is used to establish application integrity by processing specially prepared sets of input data through production applications that are under review. The results of each test are compared to predetermined expectations to obtain an objective evaluation of application logic and control effectiveness. The test data technique is illustrated in Figure 7-16. To perform the test data technique, the auditor must obtain a copy of the current version of the application. In addition, test transaction files and test master files must be created. As illustrated in the figure, test transactions may enter the system from magnetic tape, disk, or via an input terminal. Results from the test run will be in the form of routine output reports, transaction listings, and error reports. In addition, the auditor must review the updated master files to determine that account balances have been correctly updated. The test results are then compared with the auditor's expected results to determine if the application is functioning properly. This comparison may be performed manually or through special computer software.

[Figure 7-16: The Test Data Technique]
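Returning to the salami-fraud audit trail discussed above, the following runs the two audit-software checks the text names (excessive postings to a single account, and postings to unauthorized intermediate accounts) over a posting log, then follows the flagged accounts to where the funds end up. This is an added example, not from the book; the log layout, program names, account numbers and amounts are all constructed for illustration.

```python
from collections import Counter, defaultdict
from decimal import Decimal

CENT = Decimal("0.01")

# Authorized customer accounts from the master file (constructed).
MASTER = {f"C{10000 + i}" for i in range(300)}


def sample_log():
    """Constructed posting log: (program, debit_account, credit_account, amount)."""
    # One legitimate interest posting per customer account.
    log = [("INTEREST", None, f"C{10000 + i}", Decimal("12.34")) for i in range(300)]
    # Constructed anomaly: one-cent credits spread over two temporary accounts...
    log += [("INTEREST", None, "T-901" if i % 2 else "T-902", CENT)
            for i in range(120)]
    # ...later consolidated and moved on in a few larger postings.
    log += [("TRANSFER", "T-901", "T-950", Decimal("0.60")),
            ("TRANSFER", "T-902", "T-950", Decimal("0.60")),
            ("TRANSFER", "T-950", "C10007", Decimal("1.20"))]
    return log


def excessive_activity(log, program, max_per_run=1):
    """Accounts credited by `program` more often than a single run should allow."""
    hits = Counter(credit for prog, _, credit, _ in log if prog == program)
    return {acct: n for acct, n in hits.items() if n > max_per_run}


def unauthorized_accounts(log, master):
    """Accounts that appear in postings but not in the authorized master file.
    This catches low-activity intermediate accounts that a count alone misses."""
    used = {a for _, debit, credit, _ in log for a in (debit, credit) if a is not None}
    return used - master


def trace_to_end_accounts(log, start):
    """Follow debits out of the flagged accounts to where the money comes to rest."""
    outflow = defaultdict(set)
    for _, debit, credit, _ in log:
        if debit is not None:
            outflow[debit].add(credit)
    seen, stack, ends = set(start), list(start), set()
    while stack:
        acct = stack.pop()
        targets = outflow.get(acct, set())
        if not targets:              # nothing leaves this account
            ends.add(acct)
        for nxt in targets - seen:   # `seen` also protects against cycles
            seen.add(nxt)
            stack.append(nxt)
    return ends


def audit(log, master):
    flagged = excessive_activity(log, "INTEREST")
    return {"excessive": flagged,
            "unauthorized": unauthorized_accounts(log, master),
            "end_accounts": trace_to_end_accounts(log, flagged)}


if __name__ == "__main__":
    for name, result in audit(sample_log(), MASTER).items():
        print(name, result)
```

The consolidation account in the sample receives only two postings, so an activity count alone would not flag it; the comparison against the master file does.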
Figure 7-17 lists selected fields for hypothetical transactions and accounts receivable records prepared by the auditor to test a sales order processing application. The figure also shows an error report of rejected transactions and a listing of the updated accounts receivable master file. Any deviations between the actual results obtained and those expected by the auditor may indicate a logic or control problem.

Creating Test Data

When creating test data, auditors must prepare a complete set of both valid and invalid transactions. If test data are incomplete, auditors might fail to examine critical branches of application logic and error-checking routines. Test transactions should test every possible input error, logical process, and irregularity.

Gaining knowledge of the application's internal logic sufficient to create meaningful test data frequently requires a large investment of time. However, the efficiency of this task can be improved through careful planning during systems development. The auditor should save the test data used to test program modules during the implementation phase of the SDLC for future use. If the application has undergone no maintenance since its initial implementation, current audit test results should equal the test results obtained at implementation. However, if the application has been modified, the auditor can create additional test data that focus on the areas of the program changes.

[Figure 7-17: Examples of Test Data and Test Results. Panels: Test Transaction File; Original Test AR Master File; Updated Test AR Master File; Error Report]

Base Case System Evaluation

[...] variants of the test data technique. When the set of test data in use is comprehensive, the technique is called the base case system evaluation (BCSE). BCSE tests are conducted with a set of test transactions containing all possible transaction types. These are processed through repeated iterations during systems development testing until consistent and valid results are obtained. These results are the base case. When subsequent changes to the application occur during maintenance, their effects are evaluated by comparing current results with base case results.

Tracing
Another type of the test data technique called tracing performs an electronic walkthrough of the application's internal logic. The tracing procedure involves three steps:

1. The application under review must undergo a special compilation to activate the trace option.
2. Specific transactions or types of transactions are created as test data.
3. The test data transactions are traced through all processing stages of the program, and a listing is produced of all programmed instructions that were executed during the test.

Implementing tracing requires a detailed understanding of the application's internal logic. Figure 7-18 illustrates the tracing process using a portion of the logic for a payroll application. The example shows records from two payroll files—a transaction record showing hours worked and two records from a master file showing pay rates. The trace listing at the bottom of Figure 7-18 identifies the program statements that were executed and the order of execution. Analysis of trace options indicates that Commands 0001 through 0020 were executed. At that point, the application transferred to Command 0060. This occurred because the employee number (the key) of the transaction record did not match the key of the first record in the master file. Then Commands 0010 through 0050 were executed.

[Figure 7-18. Panels: Payroll Transaction File; Payroll Master File; Computer Program Logic; Trace Listing]

Advantages of Test Data Techniques

There are three primary advantages of test data techniques. First, they employ through-the-computer testing, thus providing the auditor with explicit evidence concerning application functions. Second, if properly planned, test data runs can be employed with only minimal disruption to the organization's operations. Third, they require only minimal computer expertise on the part of auditors.

Disadvantages of Test Data Techniques

The primary disadvantage of all test data techniques is that auditors must rely on computer services personnel to obtain a copy of the application for test purposes. This entails a risk that computer services may intentionally or accidentally provide the auditor with the wrong version of the application and may reduce the reliability of the audit evidence. In general, audit evidence collected by independent means is more reliable than evidence supplied by the client.

A second disadvantage of these techniques is that they provide a static picture of application integrity at a single point in time. They do not provide a convenient means of gathering evidence about ongoing application functionality. There is no evidence that the application being tested today is functioning as it did during the year under test.

A third disadvantage of test data techniques is the relatively high cost of implementation, which results in audit inefficiency. The auditor may devote considerable time to understanding program logic and creating test data. In the following section, we see how automating testing techniques can resolve these problems.

THE INTEGRATED TEST FACILITY

The integrated test facility (ITF) approach is an automated technique that enables the auditor to test an application's logic and controls during its normal operation. The ITF is one or more audit modules designed into the application during the systems development process. In addition, ITF databases contain "dummy" or test master file records integrated with legitimate records. Some firms create a dummy company to which test transactions are posted. During normal operations, test transactions are merged into the input stream of regular (production) transactions and are processed against the files of the dummy company. Figure 7-19 illustrates the ITF concept.

ITF audit modules are designed to discriminate between ITF transactions and routine production data. This may be accomplished in a number of ways. One of the simplest and most commonly used is to assign a unique range of key values exclusively to ITF transactions. For example, in a sales order processing system, account numbers between 2000 and 2100 can be reserved for ITF transactions and will not be assigned to actual customer accounts. By segregating ITF transactions from legitimate transactions in this way, routine reports produced by the application are not corrupted by ITF test data. Test results are produced separately on storage media or hard copy [...] the test data techniques, the auditor [...]

Advantages of ITF

The ITF technique has two advantages over test data techniques. First, ITF supports ongoing monitoring of controls as required by [...] 78.
Second, applications with ITF can be economically tested without disrupting the user's operations and without the intervention of computer services personnel. Thus, ITF improves the efficiency of the audit and increases the reliability of the audit evidence gathered.

[Figure 7-19: The ITF Technique]

Disadvantages of ITF

The primary disadvantage of ITF is the potential for corrupting the data files of the organization with test data. Steps must be taken to ensure that ITF test transactions do not materially affect financial statements by being improperly aggregated with legitimate transactions. This problem is remedied in two ways: (1) adjusting entries may be processed to remove the effects of ITF from general ledger account balances or (2) data files can be scanned by special software that removes the ITF transactions.

PARALLEL SIMULATION

Parallel simulation requires the auditor to write a program that simulates key features or processes of the application under review. The simulated application is then used to reprocess transactions that were previously processed by the production application. This technique is illustrated in Figure 7-20. The results obtained from the simulation are reconciled with the results of the original production run to establish a basis for making inferences about the quality of application processes and controls.

Creating a Simulation Program

A simulation program can be written in any programming language. However, because of the one-time nature of this task, it is a candidate for fourth-generation language generators. The steps involved in performing parallel simulation testing are outlined here.
1. The auditor must first gain a thorough understanding of the application under review. Complete and current documentation of the application is required to construct an accurate simulation.
2. The auditor must then identify those processes and controls in the application that are critical to the audit. These are the processes to be simulated.
3. The auditor creates the simulation using a 4GL or generalized audit software (GAS).
4. The auditor runs the simulation program using selected production transactions and master files to produce a set of results.
5. Finally, the auditor evaluates and reconciles the test results with the production results produced in a previous run.

[Figure 7-20: Parallel Simulation Technique]

Simulation programs are usually less complex than the production applications they represent. Because simulations contain only the application processes, calculations, and controls relevant to specific audit objectives, the auditor must carefully evaluate differences between test results and production results. Differences in output results occur for two reasons: (1) the inherent crudeness of the simulation program and (2) real deficiencies in the application's processes or controls, which are made apparent by the simulation program.
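Parallel simulation as outlined in the steps above, applied to an interest-posting run that uses the rounding accumulator described earlier in the chapter. This is an added example, not code from the book: the 5.25 percent rate, the .00861 starting accumulator and the first two beginning balances are the chapter's, while the account numbers, the other balances and the production output are constructed, and the one-cent adjustment whenever the accumulator passes one cent in either direction is an assumption.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("0.0525")                  # interest rate used in the chapter
START_ACCUMULATOR = Decimal("0.00861")    # beginning accumulator in the chapter

# Beginning balances from the master file. A1 and A2 carry the balances of
# Records 1 and 2 in Table 7-1; account numbers and the rest are constructed.
BEGINNING = {
    "A1": Decimal("2741.78"), "A2": Decimal("1893.44"), "A3": Decimal("1000.08"),
    "A4": Decimal("2000.06"), "A5": Decimal("3000.08"), "A6": Decimal("400.06"),
}

# Ending balances reported by the production run (constructed sample output).
PRODUCTION = {
    "A1": Decimal("2885.72"), "A2": Decimal("1992.85"), "A3": Decimal("1052.58"),
    "A4": Decimal("2105.08"), "A5": Decimal("3157.58"), "A6": Decimal("421.06"),
}


def simulate(beginning, rate=RATE, accumulator=START_ACCUMULATOR):
    """Auditor's independent simulation of the interest run.
    Assumption: adjust by one cent when the accumulator passes +.01 or -.01."""
    ending = {}
    for acct, balance in beginning.items():
        new_balance = balance + balance * rate
        rounded = new_balance.quantize(CENT, rounding=ROUND_HALF_UP)
        accumulator += new_balance - rounded       # carry the rounding difference
        if accumulator > CENT:
            rounded, accumulator = rounded + CENT, accumulator - CENT
        elif accumulator < -CENT:
            rounded, accumulator = rounded - CENT, accumulator + CENT
        ending[acct] = rounded
    return ending, accumulator


def control_total_ok(beginning, ending, accumulator,
                     rate=RATE, start=START_ACCUMULATOR):
    """Posted balances plus the ending accumulator must equal the unrounded
    balances plus the starting accumulator."""
    unrounded = sum(b + b * rate for b in beginning.values())
    return sum(ending.values()) + accumulator == unrounded + start


def reconcile(simulated, production):
    """Per-account difference (production minus simulated); None marks an
    account present on only one side."""
    diffs = {}
    for acct in sorted(set(simulated) | set(production)):
        s, p = simulated.get(acct), production.get(acct)
        if s is None or p is None:
            diffs[acct] = None
        elif s != p:
            diffs[acct] = p - s
    return diffs


def run_audit():
    simulated, accumulator = simulate(BEGINNING)
    return {
        "simulation_balances": control_total_ok(BEGINNING, simulated, accumulator),
        "grand_totals_agree": sum(simulated.values()) == sum(PRODUCTION.values()),
        "differences": reconcile(simulated, PRODUCTION),
    }


if __name__ == "__main__":
    for name, value in run_audit().items():
        print(name, value)
```

In the constructed output the grand totals of the two runs agree, so a total-level comparison shows nothing; only the account-by-account reconciliation shows two accounts a cent short and one account two cents over, which the auditor must then attribute either to the simulation's crudeness or to a real deficiency.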
