Session 3: Computer Assisted Audit Tools and Techniques (CAATTs)

1
Session 3 Computer Assisted Audit Tools and
Techniques (CAATTs)

• Presented by
• Nancy Bennison Australian National University
• Donna Webster Australian National University
• Yoon-Jin Park Australian National University

2
Computer Assisted Audit Tools and Techniques

• Nancy Bennison
• Donna Webster
• Yoon-Jin Park

3
Presentation Overview

• What are CAATTs?
• Benefits
• CAATTs at ANU
• Case Studies
• Lessons Learnt

4
What are CAATTs?

• Computer Assisted Audit Tools and Techniques
• The use of any computerised tool or technique
  which increases the efficiency and effectiveness
  of the audit function

5
Benefits

• Why are CAATTs useful?
• Management of control deficiencies and risk
• Investigation of 100 data population
• Identifies business improvement opportunities
• Improves data integrity
• Fraud detection mechanism and
• Cost effective.

6
CAATTs at the ANU

• ANU uses Audit Command Language (ACL) software
• Program commenced January 2010
• Program focuses on 3 key areas to start with
• Purchase to Pay Process (Vendors, Purchasing,
  Payment)
• HR Processes (Payroll, Leave)
• Management Requested (key account validation)
• First year program designed to trial ACL tests
  program is WIP
• Reports provided to the Executive Director,
  Administration Planning, CFO and the Audit
  Risk Management Committee

7
CAATTs at the ANU

8
CAATTs at ANU



Area Process Risks Tests Testing Interval (A/H/Q) Month for Testing System Module
Purchase to Payment 1.1 Vendor Management Potential duplicate, incomplete or inaccurate vendor records in the vendor master file which can lead to incorrect payments. Test for duplicate vendor records. Q May VM/AP
Purchase to Payment 1.2 Purchasing Duplicate Purchase Order may have been made which can lead to incorrect payments. Identify duplicate transactions (purchase order amount , quantity, date and Vendor ID with the same/different payment date). H Jun PO/AP
Purchase to Payment 1.3 Invoicing Bills may have been processed to illegitimate vendors. Match vendors on invoices against the vendor master file and prohibited vendors list (if maintained). H Jul Vou/AP
Purchase to Payment 1.4 Payment Segregation of Duties may not have been applied to all processes. Match user ID from each step. H Aug PY/AP

• Example Annual Program

9
CAATTs at ANU

• Example Monthly Report

RMAO CONTINUOUS MONITORING PROGRAM June 2010 1.
Objectives i. To analyse whether there is
fraudulent amendment between purchase order and
voucher information and ii. To identify
duplicate and split transactions. 2. Test Results
Description Risks Impacts Findings Inherent risk Test Status
Purchasing Identify potential cases of split purchase orders where accumulated figures exceed the delegates limit. (Jul 2009 - Jun 2010) Purchases may be split over several purchase orders raised within 7 days apart. Split transactions may be used to avoid procurement requirements (e.g. obtain competitive quotes and comply with delegation limits). RMAO found potential split transactions (out of purchase order records analysed). Further inquiries determined there were no instances of split transactions CR4 In Progress
10
Case Studies

• Case Study 1 Payment
• Testing Objective Identify duplicate payments to
  same vendors
• Obtain vendor records and payment records for the
  relevant period.
• Run Duplicate on Invoice number, Invoice Date
  and Amount, then find transactions with same
  vendors with different ID.

11
Case Studies

• Case Study 2 Expense Management (Purchase Card)
• Testing Objective Look for double-dipping
  instances
• Obtain HR Per Diem records and Purchase Card
  reports.
• Run 'JOIN' on two files by a unique identifier
  'Uni ID'.
  Add a column
  to show 'AGE (Pay calendar, Transaction date)'.
  
  Again, using a function
  tab, find AGE lt 31.
• Match travel allowance to meals purchased during
  same trip using purchase card

12
Business Improvements Arising from Testing
Lessons Learnt

• Cooperation with Vendor Maintenance team
• Data input errors (e.g. extra spaces, transposed
  numbers, input format)
• Awareness about use of purchase cards (e.g.
  limits, appropriate purchases, timely acquittal)
  and
• Awareness that we are now looking at a range of
  transactions.

13
Lessons Learnt

• Design
• Limitations on data
• Due care with confidential data
• Share the plan with business units early
• Implementation
• Time taken for data request / extraction
• Further investigation required
• Reporting
• Reporting and follow-up
• Manage expectations of business units and Audit
  Committee

14
References

1 CAATTs and Other BEASTs for Auditors David G. Coderre
2 Continuous Auditing Global Technology Auditing Guide The IIA
3 Continuous Controls Monitoring A Case Study with Talecris Danielle Lombardi and Miklos A. Vasarhelyi, Ph.D.
4 Continuous Auditing and Continuous Monitoring Transforming Internal Audit and Management Monitoring to Create Value KPMG
5 Continuous Monitoring and Auditing What is the difference? John Verver (Protiviti)
6 Continuous Monitoring Electronic Corporate Governance Jack Crawford (Enterprise Risk Technologies Pty Ltd)
7 A Short Guide to Fraud Risk Fraud Resistance and Detection Martin Samociuk and Nigel Iyer (Edited by Helenne Doody)
15

• Thank you.
• Any questions?