F8：Audit Software（二）

ACCA F8主要内容：Audit Software

4 Embedded

Audit routines built into an entity's computer system to provide data for later use by the auditor (both internal and external).

Can have similar functionality to bespoke systems (e.g. designed to meet internal audit requirements) or have specialist functionality. For example:

Snapshots: routines are embedded at different points in the processing logic to capture images of the transaction as it goes through the various stages of the processing. The technique allows the auditor to track data and evaluate the computer processes applied to it.

System Control Audit Review File (SCARF) provides continuous monitoring of the system's transactions using audit software modules embedded in an application system.

Information is collected into a special computer file for the auditor to examine.

Tagging: Transactions that meet parameters set by the auditor are spotted and recorded for subsequent audit review.

Can be historic or real time (24/7) auditing. External auditors can have access to their embedded systems through a secure extranet. Such systems are commonly used where 24/7 assurance is required by an independent party.

4.1 Advantages

Provides continuous monitoring in real time.

Helps to conduct the audit in a timely manner as it allows the auditor to perform tests while the data is being processed by the client.

Surprise test capability as client's users are unaware of the evidence when it is collected.

Can be used when the audit trail is less visible and the costs or errors and irregularities are high.

4.2 Disadvantages

May require the auditor to have had access to the clients' systems to develop the embedded audit module.

Requires clients to have relatively stable application systems.

5 Uses (Not Exhaustive)

What can be done with data in a DBMS (e.g. access) can be done with audit software.

Everything done in a manual audit in selecting, analysing and sorting data can be done also using audit software.

6 Precautions

Client's data must not be corrupted or damaged.

Data used for testing must be complete and accurate and identical to, if not the same as, files currently used by the client.

Audit software must be updated for developments in the client's applications.