*** Welcome to piglix ***

Computer-aided audit tools


Computer-assisted audit techniques (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally includes using basic office productivity software such as spreadsheet, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available (see below).

CAATs have become synonymous with data analytics in the audit process.

The traditional method of auditing allows auditors to build conclusions based upon a limited sample of a population, rather than an examination of all available or a large sample of data.

CAATTs, not CAATs, addresses these problems. CAATTs, as it is commonly used, is the practice of analyzing large volumes of data looking for anomalies. A well designed CAATTs audit will not be a sample, but rather a complete review of all transactions. Using CAATTs the auditor will extract every transaction the business unit performed during the period reviewed. The auditor will then test that data to determine if there are any problems in the data.

Another advantage of CAATTs is that it allows auditors to test for specific risks. For example, an insurance company may want to ensure that it doesn't pay any claims after a policy is terminated. Using traditional audit techniques this risk would be very difficult to test. The auditor would "randomly select" a "statistically valid" sample of claims (usually e if any of those claims were processed after a policy was terminated. Since the insurance company might process millions of claims the odds that any of those 30–50 "randomly selected" claims occurred after the policy was terminated is extremely unlikely.

Using CAATTs the auditor can select every claim that had a date of service after the policy termination date. The auditor then can determine if any claims were inappropriately paid. If they were, the auditor can then figure out why the controls to prevent this failed. In a real life audit, the CAATTs auditor noted that a number of claims had been paid after policies were terminated. Using CAATTs the auditor was able to identify every claim that was paid and the exact dollar amount incorrectly paid by the insurance company. Furthermore, the auditor was able to identify the reason why these claims were paid. The reason why they were paid was because the participant paid their premium. The insurance company, having received a payment, paid the claims. Then after paying the claim the participant's check bounced. When the check bounced, the participant's policy was retrospectively terminated, but the claim was still paid costing the company hundreds of thousands of dollars per year.


...
Wikipedia

...