This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these messages)
|
Computer-assisted audit tool (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally include using basic office productivity software such as spreadsheets, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available (see below).
CAATs have become synonymous with data analytics in the audit process.
The traditional method of auditing allows auditors to build conclusions based upon a limited sample of a population, rather than an examination of all available or a large sample of data.
CAATTs, not CAATs, addresses these problems. CAATTs, as it is commonly used, is the practice of analyzing large volumes of data looking for anomalies. A well-designed CAATTs audit will not be a sample, but rather a complete review of all transactions. Using CAATTs the auditor will extract every transaction the business unit performed during the period reviewed. The auditor will then test that data to determine if there are any problems in the data.
Another advantage of CAATTs is that it allows auditors to test for specific risks. For example, an insurance company may want to ensure that it doesn't pay any claims after a policy is terminated. Using traditional audit techniques this risk would be very difficult to test. The auditor would "randomly select" a "statistically valid" sample of claims (usually if any of those claims were processed after a policy was terminated). Since the insurance company might process millions of claims the odds that any of those 30–50 "randomly selected" claims occurred after the policy was terminated is extremely unlikely.
Using CAATTs the auditor can select every claim that had a date of service after the policy termination date. The auditor then can determine if any claims were inappropriately paid. If they were, the auditor can then figure out why the controls to prevent this failure. In a real-life audit, the CAATTs auditor noted that several claims had been paid after policies were terminated. Using CAATTs the auditor was able to identify every claim that was paid and the exact dollar amount incorrectly paid by the insurance company. Furthermore, the auditor was able to identify the reason why these claims were paid. The reason why they were paid was because the participant paid their premium. The insurance company, having received a payment, paid the claims. Then after paying the claim the participant's check bounced. When the check bounced, the participant's policy was retrospectively terminated, but the claim was still paid costing the company hundreds of thousands of dollars per year.
Which looks better in an audit report:
"Audit reviewed 50 transactions and noted one transaction that was processed incorrectly"
or
"Audit used CAATTs and tested every transaction over the past year. We noted XXX exceptions wherein the company paid YYY dollars on terminated policies."
However, the CAATTs driven review is limited only to the data saved on files in accordance with a systematic pattern. Much data is never documented this way. In addition saved data often contains deficiencies, is poorly classified, is not easy to get, and it might be hard to become convinced about its integrity. So, for the present CAATTs is a complement to an auditor's tools and techniques. In certain audits, CAATTs can't be used at all. But there are also audits that simply can't be made with due care and efficiently without CAATTs.
In the most general terms, CAATTs can refer to any computer program utilized to improve the audit process. Generally, however, it is used to refer to any data extraction and analysis software. This would include programs such as data analysis and extraction tools, spreadsheets (e.g. Excel), databases (e.g. Access), statistical analysis (e.g. SAS), generalized audit software (e.g. ACL, Arbutus, EAS), business intelligence (e.g. Crystal Reports and Business Objects), etc.
Benefits of audit software include:
Audit specialized software may perform the following functions:
CAATs are the fundamental tool that is used by the auditors. This tool facilitates them to make search from the irregularities from the given data. With the help of this tool, the auditors and accountants of any firm will be able to provide more analytical results. These tools are used throughout every business environment and also in the industry sectors too. With the help of computer-assisted audit techniques, more forensic accounting with more analysis can be done. It’s really a helpful tool that helps the firm auditor to work in an efficient and productive manner. Working with the CAATs, it is essential for the accountant or the auditor to select the right data, the selection process is very much tricky, and you need to be professional for it. After selecting the right data, import that to the CAATs, now the tool will automatically generate the analytical data. This tool contributes to the efficiency of the auditors. The fundamental course outline [1] include:
There are several certification programs from various CAATs vendors and professional associations as the following:
In addition to using data analysis software, the auditor uses CAATs throughout the audit for the following activities while performing data analysis:
Keeping electronic work papers on a centralized audit file or database will allow the auditor to navigate through current and archived working papers with ease. The database will make it easier for auditors to coordinate current audits and ensure they consider findings from prior or related projects. Additionally, the auditor will be able to electronically standardize audit forms and formats, which can improve both the quality and consistency of the audit working papers.
CAATs provide auditors with tools that can identify unexpected or unexplained patterns in data that may indicate fraud. Whether the CAATs is simple or complex, data analysis provides many benefits in the prevention and detection of fraud.
CAATs can assist the auditor in detecting fraud by performing and creating the following,
Evaluations of financial information made by studying plausible relationships among both financial and non-financial data to assess whether account balances appear reasonable (AU 329). Examples include ratio, trend, and Benford's Law tests.
Reports produced using specific audit commands such as filtering records and joining data files.
Continuous monitoring is an ongoing process for acquiring, analyzing, and reporting on business data to identify and respond to operational business risks. For auditors to ensure a comprehensive approach to acquire, analyze, and report on business data, they must make certain the organization continuously monitors user activity on all computer systems, business transactions and processes, and application controls.
Curb stoning is the term for instances where a surveyor completes a survey form by making up data. Because some of the data should conform with Benford's law, this practice can be detected using CAATTs which provide the capability of performing such tests.
CAATTs and CAATs are used interchangeably. While CAATs has emerged as the more common spelling, CAATTs is the more precise acronym. The acronym CAATTs solves one of the two problems with defining the acronym. CAATs means:
Computer Aided (or Assisted) Audit Techniques (or Tools and Techniques)
The first "A" and the "T" can have two different meanings depending on who uses the term. By using the term CAATTs, one is clearly incorporating both "Tools" AND "Techniques."
Product Name / Brand | Developed by | Latest stable version | Latest release date | OS | Software license | Open source | Comments |
---|---|---|---|---|---|---|---|
Arbutus Analyzer | Arbutus Software | 7.00 | 2021-05-31 | Windows | Proprietary commercial | No | |
Audit Command Language (ACL) | Galvanize | 15.0 | 2020-10-31 | Windows | Proprietary commercial | No | Starting 2014 provide a free Excel add-in |
Easy2Analyse | QDAC.net. | 4.3 | 2015-05-15 | Windows | Proprietary commercial | No | Available in full and auditfiles version |
Intrasoft Audit Support Computer Audit (Formerly known as ESKORT / SESAM) | Intrasoft International | 7.5 [2] | 2021-03-31 | Windows | Proprietary commercial | No | Requires Excel for showing graphs and result of Benford law analysis. |
InfoZoom | humanIT | 9.0.5 | 2016-11-07 | Windows | Proprietary commercial | No | |
Interactive Data Extraction and Analysis (IDEA) | CaseWare International Inc. | 11.1 [3] | 2016-10-26 | Windows | Proprietary commercial | No | |
TeamMate Analytics (formerly TopCAATs) | Wolters Kluwer | 5.1 | 2017-09-18 | Windows | Proprietary commercial | No | Requires Microsoft Excel (TeamMate Analytics runs within Excel) |
SoftCAAT/ eCAAT [4] [5] | Wincer Infotech Limited | 9.0/ 9.0 | 2016-04-04 | Windows | Proprietary commercial | No | SoftCAAT is an independent application. eCAAT requires Microsoft Excel (eCAAT is an Excel add-in) [5] |
The following table compares features of specialized computer-aided audit tools. The table has several fields, as follows:
Product Name | Age Analysis | Benford's law | Calculated field | Drill-down (Table) | Drill-down (Pivot) | Matching | Matching (Fuzzy) | Sample (Random) | Sample (Monetary unit) | Sequence Check (Gap) | Sort field | Sort multiple fields | Statistics | Stratification | Total row |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Analyzer - Arbutus Software | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Audit Command Language (ACL) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Easy2Analyse (QDAC.net) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Intrasoft Audit Support Computer Audit | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
InfoZoom | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Interactive Data Extraction and Analysis (IDEA) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
TeamMate Analytics / TopCAATs | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
SoftCAAT/ eCAAT | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes |
Product Name | Audit log | Data graph | Export (CSV) | Export (DBF) | Export (Excel) |
---|---|---|---|---|---|
Analyzer - Arbutus Software | Yes | Yes | Yes | Yes | Yes |
Audit Command Language (ACL) | Yes | Yes | Yes | Yes | Yes |
Easy2Analyse (QDAC.net) | Yes | Yes | Yes | Yes | Yes |
Intasoft Audit Support Computer Audit | Yes | Yes | Yes | Yes | Yes |
InfoZoom | Yes | Yes | Yes | No | Yes |
Interactive Data Extraction and Analysis (IDEA) | Yes | Yes | Yes | Yes | Yes |
TeamMate Analytics / TopCAATs | Yes | Yes | Yes | No | Yes |
SoftCAAT/ eCAAT | Yes | Yes | Yes | No | Yes |
Product Name | Append/Merge | Import wizard | Import (CSV) | Import (DBF) | Import (Excel) | Import (SAF-T) | Import (SIE) | Import (XBRL-GL) |
---|---|---|---|---|---|---|---|---|
Analyzer - Arbutus Software | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Audit Command Language (ACL) | Yes | Yes | Yes | Yes | Yes | ? | ? | Yes |
Easy2Analyse (QDAC.net) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Intrasoft Audit Support Computer Audit (SESAM) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
InfoZoom | Yes | Yes | Yes | Yes | Yes | ? | ? | ? |
Interactive Data Extraction and Analysis (IDEA) | Yes | Yes | Yes | Yes | Yes [3] | Yes | Yes | Yes |
TeamMate Analytics / TopCAATs | Yes | Yes | Yes | Yes | Yes | Yes | ? | Yes |
SoftCAAT/ eCAAT | Yes | Yes | Yes | Yes | Yes | No | No | No |
A spreadsheet is a computer application for computation, organization, analysis and storage of data in tabular form. Spreadsheets were developed as computerized analogs of paper accounting worksheets. The program operates on data entered in cells of a table. Each cell may contain either numeric or text data, or the results of formulas that automatically calculate and display a value based on the contents of other cells. The term spreadsheet may also refer to one such electronic document.
In computing, extract, transform, load (ETL) is a three-phase process where data is extracted from an input source, transformed, and loaded into an output data container. The data can be collated from one or more sources and it can also be output to one or more destinations. ETL processing is typically executed using software applications but it can also be done manually by system operators. ETL software typically automates the entire process and can be run manually or on recurring schedules either as single jobs or aggregated into a batch of jobs.
The BMP file format, or bitmap, is a raster graphics image file format used to store bitmap digital images, independently of the display device, especially on Microsoft Windows and OS/2 operating systems.
A GIS file format is a standard for encoding geographical information into a computer file, as a specialized type of file format for use in geographic information systems (GIS) and other geospatial applications. Since the 1970s, dozens of formats have been created based on various data models for various purposes. They have been created by government mapping agencies, GIS software vendors, standards bodies such as the Open Geospatial Consortium, informal user communities, and even individual developers.
Comma-separated values (CSV) is a text file format that uses commas to separate values, and newlines to separate records. A CSV file stores tabular data in plain text, where each line of the file typically represents one data record. Each record consists of the same number of fields, and these are separated by commas in the CSV file. If the field delimiter itself may appear within a field, fields can be surrounded with quotation marks.
A laboratory information management system (LIMS), sometimes referred to as a laboratory information system (LIS) or laboratory management system (LMS), is a software-based solution with features that support a modern laboratory's operations. Key features include—but are not limited to—workflow and data tracking support, flexible architecture, and data exchange interfaces, which fully "support its use in regulated environments". The features and uses of a LIMS have evolved over the years from simple sample tracking to an enterprise resource planning tool that manages multiple aspects of laboratory informatics.
A hex editor is a computer program that allows for manipulation of the fundamental binary data that constitutes a computer file. The name 'hex' comes from 'hexadecimal', a standard numerical format for representing binary data. A typical computer file occupies multiple areas on the storage medium, whose contents are combined to form the file. Hex editors that are designed to parse and edit sector data from the physical segments of floppy or hard disks are sometimes called sector editors or disk editors.
XBRL is a freely available and global framework for exchanging business information. XBRL allows the expression of semantics commonly required in business reporting. The standard was originally based on XML, but now additionally supports reports in JSON and CSV formats, as well as the original XML-based syntax. XBRL is also increasingly used in its Inline XBRL variant, which embeds XBRL tags into an HTML document. One common use of XBRL is the exchange of financial information, such as in a company's annual financial report. The XBRL standard is developed and published by XBRL International, Inc. (XII).
STEP-file is a widely used data exchange form of STEP. ISO 10303 can represent 3D objects in computer-aided design (CAD) and related information. Due to its ASCII structure, a STEP-file is easy to read, with typically one instance per line. The format of a STEP-file is defined in ISO 10303-21 Clear Text Encoding of the Exchange Structure.
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
Data cleansing or data cleaning is the process of identifying and correcting corrupt, inaccurate, or irrelevant records from a dataset, table, or database. It involves detecting incomplete, incorrect, or inaccurate parts of the data and then replacing, modifying, or deleting the affected data. Data cleansing can be performed interactively using data wrangling tools, or through batch processing often via scripts or a data quality firewall.
A software audit review, or software audit, is a type of software review in which one or more auditors who are not members of the software development organization conduct "An independent examination of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria".
An entity–attribute–value model (EAV) is a data model optimized for the space-efficient storage of sparse—or ad-hoc—property or data values, intended for situations where runtime usage patterns are arbitrary, subject to user variation, or otherwise unforeseeable using a fixed design. The use-case targets applications which offer a large or rich system of defined property types, which are in turn appropriate to a wide set of entities, but where typically only a small, specific selection of these are instantiated for a given entity. Therefore, this type of data model relates to the mathematical notion of a sparse matrix. EAV is also known as object–attribute–value model, vertical database model, and open schema.
A geographic data model, geospatial data model, or simply data model in the context of geographic information systems, is a mathematical and digital structure for representing phenomena over the Earth. Generally, such data models represent various aspects of these phenomena by means of geographic data, including spatial locations, attributes, change over time, and identity. For example, the vector data model represents geography as collections of points, lines, and polygons, and the raster data model represent geography as cell matrices that store numeric values. Data models are implemented throughout the GIS ecosystem, including the software tools for data management and spatial analysis, data stored in a variety of GIS file formats, specifications and standards, and specific designs for GIS installations.
XBRL assurance is the auditor's opinion on whether a financial statement or other business report published in XBRL, is relevant, accurate, complete, and fairly presented. An XBRL report is an electronic file and called instance in XBRL terminology.
Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.
The XBRL Global Ledger Taxonomy Framework is a holistic and generic XML and XBRL-based representation of the detailed data that can be found in accounting and operational systems, and is meant to be the bridge from transactional standards to reporting standards, integrating the Business Reporting Supply Chain.
The SIE format is an open standard for transferring accounting data between different software produced by different software suppliers.
SAF-T is an international standard for electronic exchange of reliable accounting data from organizations to a national tax authority or external auditors. The standard is defined by the Organisation for Economic Co-operation and Development (OECD). The file requirements are expressed using XML, but the OECD does not impose any particular file format, recommending that "It is entirely a matter for revenue bodies to develop their policies for implementation of SAF-T, including its representation in XML. However, revenue bodies should consider data formats that permit audit automation today while minimising potential costs to all stakeholders when moving to new global open standards for business and financial data such as XBRL, and XBRL_GL in particular."
Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.