Loading...
Menu

CISA Exam-Testing Concept-Online Auditing Techniques

p<>{color:#000;}.

Testing Concept-Online Auditing Techniques

Hemang Doshi

CISA, ACA,DISA,FIII

Details about this E-Book:

The objective of this e-book is to ensure that CISA candidate get adequate knowledge of various online auditing techniques. Following techniques are covered in this book:

-ITF

-SCARF

-Snapshot

-Audit hook

-CIS

 

Question Answer and Explanation (QAE) are designed in accordance with CISA exam pattern. This small e-book will help CISA candidate to attempt questions on these techniques more confidently and correctly.

Concepts have been simplified for easy reference of CISA candidates.

Integrated Test Facility (ITF)

- Fictitious entity is created in LIVE environment.

-This technique allows auditor to open a dummy account.

-Auditor can enter dummy or test transactions and verify the processing and results of these transactions for correctness.

-Processed results and expected results are compared to verify that systems are operating correctly.

-Example: A dummy asset of $ 100000/- is entered into system to verify whether same is being capitalized under correct head and depreciation is calculated properly as per correct rate. Subsequently this dummy transaction is removed after verification of system controls.

System Control Audit Review File (SCARF)

-SCARF stands for System Control Audit Review File.

-In this technique an embedded (inbuilt) audit module is used to continuously monitor transactions.

-This technique is used to collect data for special audit purpose.

-SCARF files records only those transactions which are of special audit significance such transactions above specified limit or transactions related to deviation/exception.

-On regular basis, auditor gets a printout of the SCARF file for examination and verification.

Snapshot Technique

-In this technique, snaps (pictures) are taken of the transactions as transaction moves through various stages in the application system.

-Both before -processing and after -processing images of the transactions are captured.

-Auditor can verify the correctness of the processing by checking before-processing and after-processing images of the transactions.

-In this technique, three important considerations are (i)location where snaps to be taken (ii)time of capturing snaps and (iii) reporting of snapshot data captured.

Audit Hook

-These are audit software that captures suspicious transactions.

-Criteria for suspicious transactions are designed by auditors as per their requirement.

-For example, in most of the organizations, cash transactions are monitored closely. Criteria can be designed to capture cash transaction exceeding $ 50000/- All such captured transaction are subsequently verified by auditor to identify fraud, if any.

-Audit hook is useful when early detection of error or fraud is required.

Continuous and Intermittent Simulation (CIS)

-This technique is variation of SCARF technique.

-This technique can be used whenever the application system uses the database management system (DBMS).

-DBMS reads the transaction which is passed to CIS. If transaction is as per selected criteria, then CIS examines the transaction for correctness.

-CIS determines whether any discrepancies exist between the results it produces and those the application system produces.

-Such discrepancies are written to exception log file.

-Thus, CIS replicates or simulates the application system processing.

-As high complex criteria can be set in CIS, it is the best technique to identify transactions as per pre-defined criteria.

Point to remember for CISA Exam:

When audit trail is required- answer has to be snapshot.

When early detection of error or irregularities is required- answer has to be audit hook.

Best technique to identify transactions as per pre-defined criteria-answer has to be CIS.

When fictitious entity is created in live production-answer has to be ITF.

Question, Answer & Explanation:

Below QAE are solely on the concept of audit techniques. They resemble to the type/nature of questions that are actually asked in CISA exams. Candidates are advised to attempt below questions multiple times. More emphasis to be given on explanation part for better understanding.

(1)Management of an organisation is evaluating automated audit tool for its critical business processes. Which of the following audit tools is MOST useful when an audit trail is required?

 

A. Integrated test facility (ITF)

B. Continuous and intermittent simulation (CIS)

C. Audit hooks

D. Snapshots

 

The correct answer is: D. Snapshots

Explanation: -In snapshot technique, snaps (pictures) are taken of the transactions as transaction moves through various stages in the application system.

-Both before -processing and after -processing images of the transactions are captured.

-Auditor can verify the correctness of the processing by checking before-processing and after-processing images of the transactions.

(2)Integrated test facility (ITF) has advantage over other automated audit tools because of its following characteristics:

 

A. Creation of dummies/fictitious entity is not required as testing is done on actual master files.

B. ITF does not require setting up separate test environment/test processes.

C. ITF is continuous audit tool and validates the ongoing operation of the system.

D. ITF eliminates the need to prepare test data.

 

The correct answer is: B. ITF does not require setting up separate test environment/test processes.

Explanation: Fictitious entity is created in LIVE environment. As live environment is used, there is no need to create separate test processes. However, careful planning is necessary, and test data must be isolated from production data.

(3)Characteristics that BEST describes an integrated test facility:

 

A. Technique to verify system processing.

B. Technique to verify system integration.

C. Technique to generate test data.

D. Technique to validate the ongoing operation of the system.

 

The correct answer is: A. Technique to verify system processing.

Explanation: In ITF, fictitious entity is created in LIVE environment. Auditor can enter dummy or test transactions and verify the processing and results of these transactions for correctness. Processed results and expected results are compared to verify that systems are operating correctly. ITF does not verify system integration neither it is used to generate test data. ITF does not validate the ongoing operation of the system.

(4) Management of an organisation is evaluating automated audit tool for its critical business processes. Which of the following audit tools is MOST useful for the early detection of errors or irregularities?

 

A. Embedded audit module

B. Integrated test facility

C. Snapshots

D. Audit hooks

 

The correct answer is: D. Audit hooks

Explanation: The audit hook technique involves embedding code in application systems for the examination of selected transactions. This helps the IS auditor to act before an error or an irregularity gets out of hand. Audit hooks have very low complexity in designing criteria and hence most useful tool when early detection is warranted.

 

(5)Which of the below online auditing tool would best identify transactions as per pre-defined criteria?

A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM)

B. Continuous and Intermittent Simulation (CIS)

C. Integrated Test Facilities (ITF)

D. Audit hooks

 

Answer: B. Continuous and Intermittent Simulation (CIS)

 

Explanation:

As high complex criteria can be set in CIS, it is the best technique to identify transactions as per pre-defined criteria. Continuous and Intermittent Simulation (CIS) is a moderately complex set of programs that during a process run of a transaction, simulates the instruction execution of its application. As each transaction is entered, the simulator decides whether the transaction meets certain predetermined criteria and if so, audits the transaction. If not, the simulator waits until it encounters the next transaction that meets the criteria. Audits hooks which are of low complexity focus on specific conditions instead of detailed criteria in identifying transactions for review. ITF is incorrect because its focus is on test versus live data.

 

(6)Characteristics that BEST describes an integrated test facility:

 

 

A. actual transactions are validated on ongoing basis.

B. enables the IS auditors to generate test data.

C. pre-determined results are compared with processing output to ascertain correctness of system processing.

D. enables the IS auditors to analyse large range of information.

Answer: C. pre-determined results are compared with processing output to ascertain correctness of system processing.

 

Explanation:

In ITF technique, auditor can enter dummy or test transactions and verify the processing and results of these transactions for correctness. Processed results and expected results are compared to verify that systems are operating correctly. Other options are not correct in view of ITF characteristics.

 

(7) To identify excess inventory for the previous year, which online auditing technique can be used?

 

A. Test data

B. Generalized audit software

C. Integrated test facility

D. Embedded audit module

 

The correct answer is: B. Generalized audit software

 

Explanation: The IS auditor, using generalized audit software, could design appropriate tests to identify excess inventory. Test data would not be relevant here as audit will be required on actual data. ITF and EAM cannot detect errors for a previous period.


CISA Exam-Testing Concept-Online Auditing Techniques

The objective of this e-book is to ensure that CISA candidate get adequate knowledge of various online auditing techniques. Following techniques are covered in this e-book -ITF -SCARF -Snapshot -Audit hook -CIS Question Answer and Explanation (QAE) are designed in accordance with CISA exam pattern. This small e-book will help CISA candidate to attempt questions on these techniques more confidently and correctly. Concepts have been simplified for easy reference of CISA candidates.

  • ISBN: 9781310546297
  • Author: Hemang Doshi
  • Published: 2016-05-20 20:20:14
  • Words: 1400
CISA Exam-Testing Concept-Online Auditing Techniques CISA Exam-Testing Concept-Online Auditing Techniques