Computer Applications: Computer Assisted Audit Techniques
MM Banking Matriculation
IT Audit
CAATs Method
CAATs Selection
IT Audit Techniques
Audit Data
Farida Hermana
ACL Software
Index of IS Auditing Standards
S1 Audit Charter, 1 January 2005
S2 Independence, 1 January 2005
S3 Professional Ethics and Standards, 1 January 2005
S4 Competence, 1 January 2005
S5 Planning, 1 January 2005
S6 Performance of Audit Work, 1 January 2005
S7 Reporting, 1 January 2005
S8 Follow-Up Activities, 1 January 2005
S9 Irregularities and Illegal Acts, 1 September 2005
S10 IT Governance, 1 September 2005
S11 Use of Risk Assessment in Audit Planning, 1 November 2005
S12 Audit Materiality, 1 July 2006
S13 Using the Work of Other Experts, 1 July 2006
S14 Audit Evidence, 1 July 2006
S15 IT Controls, 1 February 2008
S16 E-commerce, 1 February 2008
The Audit Process components
S1 Audit Charter (= engagement letter), 1 January 2005
S5 Planning, 1 January 2005
S6 Performance of Audit Work, 1 January 2005
S7 Reporting, 1 January 2005
S8 Follow-Up Activities, 1 January 2005
Supporting standards
S2 Independence, 1 January 2005
S3 Professional Ethics and Standards, 1 January 2005
S4 Competence, 1 January 2005
S9 Irregularities and Illegal Acts, 1 September 2005
S10 IT Governance, 1 September 2005
S11 Use of Risk Assessment in Audit Planning, 1 November 2005
S12 Audit Materiality, 1 July 2006
S13 Using the Work of Other Experts, 1 July 2006
S14 Audit Evidence, 1 July 2006
S15 IT Controls, 1 February 2008
Audit Techniques (general)
Review of the system of internal control
Analytical Review
Reconciliations
External documents and records
Norms, standards and industry statistics
Existence verification
Information of auditee
Other
Attestae de vita
Negative verification of obligations
Statements/opinions of other (audit) professionals
Third party Judgement
IT Audit techniques
Audit techniques
- Computer Assisted Audit Techniques (CAATs)
- Audit Sampling
- Effect of Pervasive IS Controls
- Use of Risk Assessment in Audit Planning
- Computer Forensics
IT Management and Governance
- IT Governance
- System Development Life Cycle (SDLC) Review
- Outsourcing of IS Activities
- Post-implementation Review
IT Infrastructure related
- (ICT) Business Continuity Plan (BCP) Review
Process related
- Business Process Reengineering (BPR) Project Reviews
- Business-to-consumer (B2C) E-commerce Review
Application related
- Application Systems Review
- Effect of Third Parties IT Controls
- Enterprise Resource Planning (ERP) Systems Review
- General Considerations on the Use of the Internet
- Internet Banking
- Materiality Concepts for Auditing Information Systems
- Mobile Computing
- Review of Virtual Private Networks
ISACA IS Auditing Guidelines (1)
G01 Using the Work of Other Experts (PDF, 50K) Mar 2008
G02 Audit Evidence Requirement (PDF, 50K) Mar 2008
G03 Use of Computer-Assisted Audit Techniques (PDF, 59K) Mar 2008
G04 Outsourcing of IS Activities to Other Organisations (PDF, 54K) Mar 2008
G05 Audit Charter (PDF, 47K) Feb 2008
G06 Materiality Concepts for Auditing Information Systems (PDF, 55K) Mar 2008
G07 Due Professional Care (PDF, 45K) Mar 2008
G08 Audit Documentation (PDF, 47K) Mar 2008
G09 Audit Considerations for Irregularities (PDF, 73K) Aug 2008
G10 Audit Sampling (PDF, 55K) Nov 1999
ISACA IS Auditing Guidelines (2)
G11 Effect of Pervasive IS Controls (PDF, 134K) Nov 1999
G12 Organisational Relationship and Independence (PDF, 49K) May 2000
G13 Use of Risk Assessment in Audit Planning (PDF, 56K) May 2000
G14 Application Systems Review (PDF, 34K) Jul 2001
G15 Planning (PDF, 35K) Nov 2001
G16 Effect of Third Parties on an Organisation's IT Controls (PDF, 144K) Nov 2001
G17 Effect of Nonaudit Role on the IS Auditor's Independence (PDF, 140K) Apr 2002
G18 IT Governance (PDF, 145K) Apr 2002
G20 Reporting (PDF, 133K) Oct 2002
ISACA IS Auditing Guidelines (3)
G21 Enterprise Resource Planning (ERP) Systems Review (PDF, 114K) Aug 2003
G22 Business to Consumer (B2C) E-commerce Review (PDF, 210K) Aug 2003
G23 System Development Life Cycle (SDLC) Review (PDF, 72K) 2003
G24 Internet Banking (PDF, 177K) Aug 2003
G25 Review of Virtual Private Networks (PDF, 64K) Oct 2003
G26 Business Process Reengineering (BPR) Project Reviews (PDF, 250K) Apr 2004
G27 Mobile Computing (PDF, 46K) Jul 2004
G28 Computer Forensics (PDF, 58K) Jul 2004
G29 Post Implementation Review (PDF, 216K) Aug
ISACA IS Auditing Guidelines (4)
G30 Competence (PDF, 145K) Feb 2005
G31 Privacy (PDF, 192K) Jun 2005
G32 Business Continuity Plan (BCP) Review from IT Perspective (PDF, 163K) Jul 2005
G33 General Considerations on the Use of Internet (PDF, 166K) Dec 2005
G34 Responsibility, Authority and Accountability (PDF, 117K) Dec 2005
G35 Follow-up Activities (PDF, 178K) Dec 2005
G36 Biometric Controls (PDF, 174K) Oct 2006
G38 Access Controls (PDF, 82K) Feb 2008
G39 IT Organisation (PDF, 81K) Mar 2008
ISACA IS Auditing Procedures
P01 IS Risk Assessment Measurement (PDF, 237K) Apr 2002
P02 Digital Signatures (PDF, 176K) May 2002
P03 Intrusion Detection (PDF, 168K) May 2003
P04 Viruses and Other Malicious Logic (PDF, 227K) May 2003
P05 Control Risk Self-assessment (PDF, 166K) May 2003
P06 Firewalls (PDF, 248K) May 2003
P07 Irregularities and Illegal Acts (PDF, 201K) Oct 2003
P08 Security Assessment - Penetration Testing and Vulnerability Analysis (PDF, 221K) Feb 2004
P09 Evaluation of Management Controls Over Encryption Methodologies (PDF, 170K) Apr 2004
P10 Business Application Change Control (PDF, 230K) Aug 2006
P11 Electronic Funds Transfer (EFT) (PDF, 87K) Feb 2007
ISACA Audit programs (1)
Biometric Technologies (DOC, 2K) Feb 2004
Business Continuity Planning (DOC, 2K) Sep 2001
Cellular Management Billing (DOC, 2K) Nov 2001
Change Control (DOC, 2K) Sep 2001
Customer Relationship Management (CRM) Feb 2004
Cybercrime: Incident Response and Digital Forensics Sep 2006
eCommerce Security Business Continuity Planning (DOC, 2K) Oct 2002
eCommerce Security Creation, Storage and Maintenance of Trading Partner Records (DOC, 2K) Oct 2000
eCommerce Security PKI, Digital Certificates in E-commerce (DOC, 2K) Sep 2001
eCommerce Security Public Key Infrastructure Symmetrical (Private) Key Encryption (DOC, 2K) Sep 2001
ISACA Audit programs (2)
eCommerce Security Selection & Identification of Trading Partners (DOC, 2K) Oct 2000
Generic Application Review (DOC, 2K) Sep 2001
Identity Management (DOC, 2K) Feb 2004
Incident Handling (DOC, 2K) Jul 2004
Linux: Security, Audit and Control Features Sep 2006
Oracle Database (DOC, 2K) Aug 2004
Oracle E-Business Suite (DOC, 67K) Nov 2006
OS/390-z/OS (DOC, 2K) Feb 2004
Outsourcing (DOC, 2K) Oct 2000
PeopleSoft (DOC, 2K) Aug 2006
ISACA Audit programs (3)
SAP R-3 (DOC, 2K) Feb 2006
Securing the Network Perimeter (DOC, 2K) May 2003
Security Provisioning (PDF, 72K) May 2003
Softserve Internet Services (PDF, 225K) Dec 2004
Software Licensing (DOC, 2K) Sep 2001
Systems Development Life Cycle (SDLC) (DOC, 2K) Sep 2001
Telephone Management Billing (DOC, 2K) Sep 2001
UNIX OS (DOC, 2K) Sep 2001
Virtual Private Networking (DOC, 2K) Aug 2004
CAATs: Computer Assisted Audit Techniques
(Audit with the computer)
3670.1 CAATs
3670.2 Selecting a Data Analysis Technique
3670.3 Planning Data Analysis in the Audit Process
3670.4 Data Analysis in Control Testing
3670.5 Establishing a Data Analysis Programme
3670.6 Integrating CAATs Into the Audit Process
3670.7 CAATs in Control Testing
3670.8 Establishing a CAAT Programme
3670.9 Managing a CAAT Project
3670.10 Using CAATs in a Continuous Auditing Environment
3670.11 Using Client Data
3670.12 Documenting CAATs
3670.1 CAATs
Three types:
- Data testing
- Systems testing
- Information modeling and analysis security.
Other considerations:
- when to use
- addressing and resolving technical issues;
- ensuring integrity of the CAAT process, including security over the CAAT software, the file of selected items and the selection process.
- CAAT planning issues, data retention, data integrity and completeness, privacy and confidentiality concerns,
- the removal of files or selected records to the auditor's computer and potentially offsite.
- use of CAATs in various environments, including continuous auditing.
Audit of Information Systems
(Application systems. G14)
Planning
Performance of Audit Work
Reporting
Audit of Information Systems
Planning considerations
An integral part of planning is understanding the organisation's information system environment to a sufficient extent for the IS auditor to determine:
- the size and complexity of the systems and
- the extent of the organisation's dependence on information systems.
The IS auditor should gain an understanding of
- the organisation's mission and business objectives,
- the level and manner in which information technology and information systems are used to support the organisation, and
- the risks and exposures associated with the organisation's objectives and its information systems.
Also, an understanding of the organisational structure, including roles and responsibilities of key IS staff and the business process owner of the application system, should be obtained.
Audit of Information Systems
Planning considerations: application level risks
Application level risks at the system and data level include such things as:
- System availability risks relating to the lack of system operational capability
- System security risks relating to unauthorised access to systems and/or data
- System integrity risks relating to the incomplete, inaccurate, untimely, or unauthorised processing of data
- System maintainability risks relating to the inability to update the system when required in a manner that continues to provide for system availability, security, and integrity
- Data risks relating to its completeness, integrity, confidentiality, privacy and accuracy
Audit of Information Systems
Planning considerations: Application controls
Application controls to address the application level risks may be in the form of
- computerised controls built into the system,
- manually performed controls,
- or a combination of both.
Examples include
- the computerised matching of documents (purchase order, invoice and goods received report),
- the checking and signing of a computer generated cheque and
- the review by senior management of exception reports.
Audit of Information Systems
Planning considerations: General IT Controls
Where the option to place reliance on programmed controls is taken, relevant general IT controls should be considered, as well as controls specifically relevant to the audit objective.
General IT controls could be the subject of a separate review, which would include such things as:
- physical controls,
- system level security,
- network management,
- data backup
- contingency planning
Audit of Information Systems
Planning considerations: When and What
Application system reviews can be performed
- when a package application system is being evaluated for acquisition,
- before the application system goes into production (pre-implementation)
- after the application system has gone into production (post-implementation).
Pre-implementation application system review coverage includes
- the architecture of application level security,
- plans for the implementation of security,
- the adequacy of system and user documentation
- the adequacy of actual or planned user acceptance testing.
Post-implementation review coverage includes
- application level security after implementation
- may cover system conversion if there has been a transfer of data and masterfile information from the old to the new system
Audit of Information Systems
3. PERFORMANCE OF AUDIT WORK
3.1 Documenting the Flow of Transactions
3.2 Identifying and Testing the Application System Controls
4. REPORTING
4.1 Weaknesses
Configuration Management Data Base
Audit of Information Systems:
Information Criteria
Objectives should be developed to address the 7 COBIT information
criteria and then agreed upon by the organisation. The 7 COBIT
information criteria are the following:
Effectiveness
Efficiency
Confidentiality
Integrity (= completeness + correctness + timeliness + authorization)
Availability
Compliance
Reliability of Information
Audit of the Data Center / ICT infrastructure
Logical access control
Software change management
Backup, recovery and fall back
Audit of logical access control
General Access Path
User
Data communication software
Transaction software
Application software
Data access methods
Data
Three parts:
- Identification
- Authentication
- Authorisation
Four commonly used sampling methods.
Statistical sampling methods
Random sampling
Ensures that all combinations of sampling units in the population have an equal chance of selection.
Systematic sampling
Involves selecting sampling units using a fixed interval between selections, the first interval having a random start.
Examples include
- Monetary Unit Sampling
- Value Weighted selection where each individual monetary value (e.g., $1) in the population is given an equal chance of selection. As the individual monetary unit cannot ordinarily be examined separately, the item which includes that monetary unit is selected for examination. This method systematically weights the selection in favour of the larger amounts but still gives every monetary value an equal opportunity for selection.
Another example includes selecting every nth sampling unit.
Nonstatistical sampling methods
Haphazard sampling
The IS auditor selects the sample without following a structured technique, while avoiding any conscious bias or predictability. However, analysis of a haphazard sample should not be relied upon to form a conclusion on the population.
Judgmental sampling
The IS auditor places a bias on the sample (e.g., all sampling units over a certain value, all for a specific type of exception, all negatives, all new users). It should be noted that a judgemental sample is not statistically based and results should not be extrapolated over the population as the sample is unlikely to be representative of the population.
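The systematic methods described above can be reperformed with a few lines of code. The following is an added example, not part of the original slides: it implements monetary unit selection (fixed interval over cumulative value, random start) beside plain every-nth selection. The ledger, the `Item` type and all function names are constructed for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    item_id: str
    amount: int  # book value in whole monetary units


# Constructed ledger for illustration. Positive items total 60,000.
LEDGER = [
    Item("INV-001", 1200), Item("INV-002", 300), Item("INV-003", 45000),
    Item("INV-004", 800), Item("INV-005", 2500), Item("INV-006", 150),
    Item("INV-007", 9000), Item("INV-008", 50), Item("INV-009", -400),
    Item("INV-010", 1000),
]


def monetary_unit_sample(items, sample_size, start=None, rng=None):
    """Select the items containing every `interval`-th monetary unit.

    Returns (interval, start, selections); selections is a list of
    (hit_unit, Item). Zero and negative items hold no monetary unit that can
    be hit, so they are excluded and need a separate test. Because the
    interval is rounded down, slightly more than sample_size hits can occur.
    """
    population = [it for it in items if it.amount > 0]
    total = sum(it.amount for it in population)
    if sample_size < 1 or total < sample_size:
        raise ValueError("sample_size must be between 1 and the population value")
    interval = total // sample_size
    if start is None:
        # Unpredictable start; record it in the working papers so that an
        # independent party can reperform the selection.
        rng = rng or random.SystemRandom()
        start = rng.randint(1, interval)
    elif not 1 <= start <= interval:
        raise ValueError("start must lie within the first interval")

    selections = []
    next_hit = start
    cumulative = 0
    for it in population:
        cumulative += it.amount
        # An item larger than the interval can be hit more than once.
        while next_hit <= cumulative:
            selections.append((next_hit, it))
            next_hit += interval
    return interval, start, selections


def every_nth_sample(items, n, start):
    """Record-based systematic selection: every nth item from 1-based `start`."""
    if not 1 <= start <= n:
        raise ValueError("start must lie within the first interval")
    return items[start - 1::n]


def distinct_ids(selections):
    """Item ids in selection order, each listed once."""
    seen = []
    for _, it in selections:
        if it.item_id not in seen:
            seen.append(it.item_id)
    return seen


if __name__ == "__main__":
    interval, start, picks = monetary_unit_sample(LEDGER, 6)
    print(f"interval={interval} start={start}")
    for unit, it in picks:
        print(f"  unit {unit:>6} -> {it.item_id} ({it.amount})")
    print("every 4th record from 1:",
          [it.item_id for it in every_nth_sample(LEDGER, 4, 1)])
```

With this ledger, any start value selects INV-003, because the item is larger than the interval, while every-4th-record selection starting at record 1 never reaches it.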
Standard S15 on IT CONTROLS
03 The IS auditor should evaluate and monitor IT controls that are an integral
part of the internal control environment of the organisation.
04 The IS auditor should assist management by providing advice regarding the
design, implementation, operation and improvement of IT controls.
Commentary
Management is accountable for the internal control environment of an
organisation including IT controls.
IT controls are comprised of general IT controls, which include
pervasive IT controls,
detailed IT controls and
application controls,
and refer to controls over the acquisition, implementation, delivery and
support of IT systems and services.
IT Controls
General IT controls
are controls that minimise risk to the overall functioning of the
organisation's IT systems and infrastructure and to a broad set of
automated solutions (applications).
Application controls
are a set of controls embedded within applications.
Pervasive IT controls
are general IT controls that are designed to manage and monitor the IT
environment and, therefore, affect all IT-related activities.
Detailed IT controls
are made up of application controls plus those general IT controls not
included in pervasive IT controls.
Control processes
are the policies, procedures and activities
that are part of a control environment,
designed to ensure that risks are contained within the risk
tolerances established by the risk management process.
COBIT defines control as
the policies, procedures, practices and organisational structures,
designed to provide reasonable assurance that business objectives
will be achieved and that undesired events will be prevented or
detected and corrected.
DAT: Data Analysis Techniques,
Continuous Auditing, On-line Auditing
The IS auditor should consider the use of data
analysis techniques
including the use of continuous assurance,
which allows IS auditors to monitor system reliability on a
continuous basis and
to gather selective audit evidence through the computer
when reviewing IT controls
Audit Evidence: Appropriate, Reliable and Sufficient (IS standard 14)
03 The IS auditor should obtain sufficient and appropriate audit evidence to draw reasonable
conclusions on which to base the audit results.
04 The IS auditor should evaluate the sufficiency of audit evidence obtained during the audit.
Appropriate Evidence
Includes the procedures as performed by the auditor
Includes the results of procedures performed by the IS
auditor
Includes source documents (in either electronic or paper
format), records and corroborating information used to
support the audit
Includes findings and results of the audit work
Demonstrates that the work was performed and complies
with applicable laws, regulations and policies
Reliable Evidence
In general terms, audit evidence reliability is greater when it is:
In written form, rather than oral expressions
Obtained from independent sources
Obtained by the IS auditor rather than from the entity
being audited
Certified by an independent party
Kept by an independent party
Sufficient Evidence
The evidence can be considered sufficient if it
supports all the material questions to the audit
objective and scope.
Audit evidence should be objective and sufficient
to enable a qualified independent party to
reperform the tests and obtain the same results.
The evidence should be commensurate with the
materiality of the item and the risks involved.
Sufficiency is a measure of the quantity of audit
evidence, while appropriateness is the measure of
the quality of the audit evidence, and they are
interrelated. In this context, when information
obtained from the organisation is used by the IS
Obtain audit evidence
The IS auditor can obtain the audit evidence by:
Inspection
Observation
Inquiry and confirmation
Reperformance
Recalculation
Computation
Analytical procedures
Other generally accepted methods
Audit Documentation: Potential Uses
Potential uses of documentation include, but are not limited to:
Demonstration of the extent to which the IS auditor has complied with the IS Auditing
Standards
Demonstration of audit performance to meet requirements as per the audit charter
Assistance with planning, performance and review of audits
Facilitation of third-party reviews
Evaluation of the IS auditing function's QA programme
Support in circumstances such as insurance claims, fraud cases, disputes and lawsuits
Assistance with professional development of staff
Audit documentation : Table of Contents
Documentation should include, at a minimum, a record of:
Review of previous audit documentation
The planning and preparation of the audit scope and objectives. IS auditors must have an
understanding of the industry, business domain, business process, product, vendor support
and overall environment under review.
Minutes of management review meetings, audit committee meetings and other audit-related
meetings
The audit programme and audit procedures that will satisfy the audit objectives
The audit steps performed and audit evidence gathered to evaluate the strengths and
weakness of controls
The audit findings, conclusions and recommendations
Any report issued as a result of the audit work
Supervisory review
The extent of the IS auditor's documentation depends on the needs for a particular audit and should include such things as:
- SCOPE: The IS auditor's understanding of the areas to be audited and its environment.
- The IS auditor's understanding of the information processing systems and the internal control environment including the:
  - Control environment
  - Control procedures
  - Detection risk assessment
  - Control risk assessment
  - Equate total risk
- The author and source of the audit documentation and the date of its completion
- Methods used to assess adequacy of control, existence of control weakness or lack of controls, and identify compensating controls
- Audit evidence, the source of the audit documentation and the date of completion, including:
  - Compliance tests, which are based on test policies, procedures and segregation duties
  - Substantive tests, which are based on analytic procedures, detailed test accounts balances and other substantive audit procedures
- Acknowledgement from appropriate person of receipt of audit report and findings
- Auditee's response to recommendations
- Version control, especially where documentation is in electronic media
IT Audit vs. Conventional Audit?
Around The Computer
Through The Computer
With The Computer
Similarities:
1. Definition of auditing
2. Auditor
3. Audit objectives
4. Auditor's opinion
5. Auditing standards
Differences:
Computer Assisted Audit Techniques (CAATs), or Teknik Audit Berbantuan Komputer (TABK)
Paperless
1. Audit trail
2. Transaction uniformity
3. Segregation of duties
4. Risk
5. Benefits
Paperbased
Audit trail: a chronological record of the use of system resources. It covers user logins, file access, various other activities, and whether any violations occurred.
Audit Worksheet: Around The Computer
Example:
Does the security policy for application use take into account the general principles of application control, which include:
- Segregation of duties ... between users, operations and development (Y/N)
- Use only by ... those authorised (Y/N)
- Ensuring ... data has been validated (Y/N)
- Ensuring that transferred data is correct and complete (Y/N)
- Availability of an adequate audit trail and review by an authorised party (Y/N)
- Availability of restart and recovery procedures (Y/N)
Through The Computer
Audit targets
Application Program
Communication Control Program
Database Management System
Operating System
Hardware
Infrastructure (power, telecommunication, etc.)
User Profile
Audit Worksheet: Through The Computer
Transaction Worksheet
System :
Sub System :
Transaction :
A. Input Control ?
B. Processing Control ?
C. Error Correction ?
D. Output Control ?
E. End Documentation ?
F. Authorization ?
G. Security ?
H. Separation of Duties ?
I. File Maintenance ?
CAATs
CAATs are useful to apply in environments (organisations/businesses) with:
- High volumes of transactions
- Complex processes
- Distributed operations
- Different applications and systems.
CAATs Methods
- Test Data: comparing the data copied and handed by the client to the auditor with the source data in the system.
- Integrated Test Facility (ITF): the audit facility is already built into the application system. This technique requires the auditor's involvement in the design and development of the software.
- Parallel Simulation: the auditor uses a program that can repeat the data processing using the same data.
- Embedded Audit Module: the auditor inserts an audit module (which can be removed again) into the system under audit. The module can identify transactions that meet certain criteria.
- Generalized Audit System (GAS): packaged software that can extract data and analyse it separately. This is the most widely used method; ACL is one such package.
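Parallel simulation as described above, shown as an added example that is not part of the original slides: the auditor's own program re-processes a client extract and reports where the production result differs. The extract, its control totals, the 3% annual rate and the actual/365 day count are assumptions constructed for illustration.

```python
import csv
import io
from decimal import Decimal, ROUND_HALF_UP

# Constructed client extract (delimited file) of monthly savings interest.
EXTRACT_CSV = """\
account,avg_balance,days,posted_interest
1001,1000000.00,31,2547.95
1002,250000.00,31,636.99
1003,5000000.00,31,12793.73
1004,75000.50,31,191.09
1005,0.00,31,0.00
"""

# Control totals reported by the client alongside the extract (constructed).
CONTROL_COUNT = 5
CONTROL_TOTAL = Decimal("16169.76")

ANNUAL_RATE = Decimal("0.03")  # assumed product rate
CENT = Decimal("0.01")


def load_extract(text):
    """Parse the delimited extract into typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "account": row["account"],
            "avg_balance": Decimal(row["avg_balance"]),
            "days": int(row["days"]),
            "posted_interest": Decimal(row["posted_interest"]),
        })
    return records


def check_control_totals(records, expected_count, expected_total):
    """Completeness check on the extract; returns a list of problems found."""
    problems = []
    if len(records) != expected_count:
        problems.append(f"record count {len(records)} != {expected_count}")
    total = sum((r["posted_interest"] for r in records), Decimal("0"))
    if total != expected_total:
        problems.append(f"posted interest total {total} != {expected_total}")
    return problems


def simulate_interest(avg_balance, days, annual_rate=ANNUAL_RATE):
    """Auditor's independent calculation: actual/365, rounded half-up to cents."""
    return (avg_balance * annual_rate * days / 365).quantize(CENT, ROUND_HALF_UP)


def parallel_simulation(records, tolerance=Decimal("0.00")):
    """Re-process every record and list those where production differs.

    Each exception is (account, posted, recalculated, difference).
    """
    exceptions = []
    for r in records:
        recalculated = simulate_interest(r["avg_balance"], r["days"])
        difference = r["posted_interest"] - recalculated
        if abs(difference) > tolerance:
            exceptions.append(
                (r["account"], r["posted_interest"], recalculated, difference))
    return exceptions


if __name__ == "__main__":
    recs = load_extract(EXTRACT_CSV)
    print("control total problems:",
          check_control_totals(recs, CONTROL_COUNT, CONTROL_TOTAL))
    for account, posted, recalculated, diff in parallel_simulation(recs):
        print(f"{account}: posted {posted}, recalculated {recalculated}, diff {diff}")
```

A one-cent difference such as account 1004 usually points to a rounding rule that differs from the documented one; whether it is reported depends on the tolerance set for the test.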
Computer Assisted Audit Techniques (CAATs)
Several automated audit techniques, such as generalised audit software, utility software, test data, application software tracing and mapping, and audit expert systems.
Generalised Audit Software
A computer program, or a series of programs, designed specifically to perform certain data processing functions related to auditing, including reading computer documents/files, selecting the desired information, performing calculations, and printing reports in the format required by the auditor.
ACL
SQL
SAS
IDEA
The characteristics to consider when selecting CAATs tools are:
- Ease of use
- Ease of data extraction
- The ability to access a wide variety of data files from different platforms
- The ability to integrate data with different formats
- The ability to define fields and select from standard formats
- Menu-driven functionality for processing analysis commands
- Simplified query building and adjustments
- Logging features
What is data?
Bits and Bytes
Characters
ASCII and EBCDIC Characters
Fields/Data Elements; Records; Files/Tables/Datasets
Fixed-Length Records vs. Variable-Length Records
Data is Information
Examples of data file extensions:
.fil, .txt, .dat, .csv, .wks, .xls, .doc, .wpd, .dbf, .mdb,
datasets (mainframe), .db2 (mainframe)
How to Access the Data
Mainframe: Use data extract utilities (i.e. JCL/SYNCSORT) to access the
data and download it in an ASCII-compatible format for further analysis on
your PC.
Oracle or other relational databases from mid-range computers: Run a
query (SQL) to extract the relevant data and copy it down to an
ASCII-compatible format. Or, some database applications, such as Oracle and
PeopleSoft, have data extract or reporting utilities that you can run without
the need to ask for assistance from your IS Department (as long as
appropriate levels of access have been granted).
Data Warehouses/LANs/Microcomputers: Certain ASCII data files may
already be readily available, or queries may be run to obtain the data.
FTP (File Transfer Protocol): A utility used for transferring data from a
source system to your local system/environment.
The data types accepted by ACL are:
- Flat Sequential: for example, a name consisting of a first name and a last name; an address consisting of address1 and address2
- Dbase: Dbase-compatible files such as Foxpro, Visual Fox Pro, Clipper
- Text: data in the form of numbers or letters
- Delimited: data whose fields have no fixed position within a record
- Print Files: text files in report form, containing non-data such as headers, sub-headers and blank lines
- ODBC: Access, Oracle
- Tape
Audit Command Language (ACL)
Features ACL offers:
Ease of use
Built-in audit and data analysis functionality
Interactive interrogation capabilities
Unlimited file size capability
Ability to read multiple data types
High quality reporting features
The ACL Document
An ACL document contains batches, input file definitions,
indexes, views, and workspaces and their specified
formats. The computerized data and information that ACL
analyzes is called a data file. The data files never change.
The components shown in the document box below are the
elements that you create and manipulate
Menu Bar
Button Bar
The button bar provides quick access to
commonly used commands and menu options.
Each icon is linked to an option on an ACL
menu and represents a specific task you can
perform.
ACL https://www.youtube.com/watch?v=fG7KtBiZxWY
IDEA https://www.youtube.com/watch?v=Pe3G0ah06gg
Excel https://www.youtube.com/watch?v=fVm7E-YGGWU