Auditing Computer-Based Information Systems Essay


It is a quieting cognition to be responsible for the informations models reappraisal of an association that has a few hundred package applied scientists and testers, legion machines, and many records. Clearly, all associations are non this size. With the exclusion of the littlest associations, however, testers typically ca n’t perstructure an itemized cheque of all the information transforming did inside the information models capacity. Rather, they must depend on a specimen of information to calculate out if the marks of informations model reviewing are, no uncertainty attained. How, so, would we be able to execute informations models review so we get reasonable enfranchisement that an association protects its information preparing retentions, keeps up information reputability, and attains framework adequateness and productiveness? We begin by looking at the manner of controls and analyzing a few processs for rearranging and giving petition to the multifaceted nature experienced when makinig appraisal judgements on machine based informations models. Next we consider a part of the indispensable dangers judges face, how these dangers influence the general methodological analysis to a reappraisal and the kinds of reappraisal techniques used to study or command the degree these dangers. We so see the indispensable stairss to be attempted in the behaviour of a information model reappraisal. At last, we inspect a important pick judges must do when set uping and directing a information models review to be specific, the sum do they have to believe about the interior workings of a workstation based informations model before a powerful reappraisal could be directed

Importance of the survey

Data Systems ( IS ) are at that place to assist warrant associations that their every twenty-four hours operational exercisings are carried out cleanly. Therefore, hierarchal stakeholders put a illimitable step of hard currency in the organisation of these models. Besides, volumes of hierarchal information put away inside these models physiques on normal premiss. As the volume of information and the elaborateness of informations models build, concern supervisors expect informations models ( IS ) referees to acquire even more of import and thorough as these inspectors need to vouch that imaginable dangers that these IS may intrinsic are alleviated. A few reappraisal schemes had been presented by cosmopolitan inspecting guidelines and best patterns to be received by IS inspectors throughout their reappraisal battle as an instrument to vouch that this IS intrinsic dangers are alleviated. Subsequently, the use of Computer Aided Audit Techniques ( Caats ) was underlined. To the former point, this paper looked to look into IS inspectors ‘ propositions and behavior towards the usage and appropriation of Caats inside their reappraisal battles. The survey, underpinned by the Unified Theory of Acceptance and Use of Technology ( UTAUT ) , examined the use and choice of Caats by informations models referees inside a South African pecuniary bank and exhibited the theoretical system for use and appropriation of Computer Aided Audit Techniques by these inspectors.

We will write a custom essay sample on
Auditing Computer-Based Information Systems Essay
or any similar topic only for you
Order now

Literature Review

The Concept of Computer Audit

inward reappraisal is seen as a constituent of the ICS, which is usually situated up by the disposal of an association as a free scrutiny unit inside the association accused of the duty of inspecting, measuring, appraising and describing consequences acquired on the operations of the clerking and interior control models. Machine reappraisal, so once more alludes to measuring in Electronic Data Processing ( EDP ) model, or the use of workstation and IT scheduling in the behaviour of reappraisal.

Methodologies to Computer Audit

There are two general methodological analysiss to reexamining EDP models, to be specific measuring around the machine and inspecting through the workstation.

Auditing around the Computer

Reviewing “ around ” the machine includes wide testing of the inputs and outputs of the EDP model and practically no testing of managing or workstation equipment. This methodological analysis includes no trials of the machine undertakings and no judge use of the workstation. Analyzing “ around ” the machine relies on upon an obvious, traceable, difficult extra reappraisal trail made of physically ready and workstation arranged studies.

Auditing through the Computer

Analyzing through the machine includes wide testing of workstation equipment and scheduling. This methodological analysis comprises of analyzing the machine managing model or information created by the model to calculate out the sum dependance could be set on the different inner controls modified into the model. This includes the use of trial information where the judge readies an agreement of fanciful minutess ; immense Numberss of those minutess will keep purposeful failures. The tester inspects the consequences and figures out if the oversights were caught by the client ‘s model. This is helpful despite the fact that there may be failings of the ( I ) chance of unplanned connection of invented and echt information, ( two ) agreement of trial information that inspects all parts of the proviso is troublesome, and ( three ) the issue of vouching that the undertaking being tried is the one truly utilised as a portion of everyday handling

Schemes for analyzing through the workstation are ( one ) Parallel diversion ( the referee composes a machine plan that imitates some piece of the client ‘s model. At that point the judge ‘s undertaking is utilised to treat existent client information, in conclusion the consequences from the inspector ‘s system and that of the client ‘s standard transforming are looked at.

Reviewing With the Computer

An alternate methodological analysis to workstation reappraisal ( which by and big is considered as an expansion of reexamining through the machine ) is called measuring with the machine. This includes the use of Caats to complete the reappraisal in the most adept and powerful manner. The testers might likewise perform information extraction dissects. Accessible Caats are as takes after:

( I ) ca-Easytrieve ( Computer Associates )

–Works in UNIX or LAN ( indispensable centralized waiters )

–uses a foundation idiom like COBOL

( two ) sas- Statistical probe

–Data excavation

( three ) ACL

Machine helped Auditing

The merchandise undertakings and helps accessible to judges are as takes after:

( I )Commercial general use programming — Spreadsheet undertakings, for illustration, Microsoft Excel might be utilized for probe or for inspecting. Word-preparing undertakings, for illustration, Microsoft Word are valuable for outlining announcements or acquire ready studies and letters. Practical capacities of Generalized Auditing Software ( GAS ) include: File entree ; File redesign ( screening and uniting ) ; Filtering ( Boolean decision makers: = , & A ; gt ; = , & A ; lt ; = , & A ; lt ; & A ; gt ; , AND, OR, and so on. ) ; Statistical ( specimen picks ) ; Arithmetic ; Stratification ; File creative activity and Reporting.

( two ) Pre-constructed spreadsheet layouts — Hearers often utilize prebuilt spreadsheet formats ( for case, theoretical account working documents and money related articulations ) .

( three )Particular use scheduling —There are a few requisitions in inspecting — one requisition created in the United States by KPMG LLP could be utilized to study the collectability of bank credits. Maestro models are continuously produced for reappraisal arrangement and for appraising EDP controls.

( four ) Custom undertakings — These alone undertakings are composed by testers to reexamine peculiar districts.

( V )Working paper programming — Almost all unfastened clerking houses now utilize working paper scheduling created either in-house or bought from an outside merchandiser ( for case, Caseware ) . The acquired scheduling may be adjusted with peculiar formats or electronic constructions to acquire ready working documents and letters, for illustration, avowals, battle, and disposal letters. The rule ground for working paper scheduling is to computerise appraisals, and to boot to execute the carryforward capacities, for illustration, passing from diary entrywaies and worksheets to working documents, lead sheets, test equalisations, and money related articulations.

( six )Networked paperss — Adopting advanced developments permits a few judges to work freely on diverse countries of the reappraisal on their smart phones up to a system. The system persistently coordinates their work with an adept on the job paper papers and continues working paper mentions and indexing discovery. Allies in diverse countries can ease their work by directing one another extras of their spot of the reappraisal record, while directors can test progress and give sentiment without being physically display at the reappraisal location ( s ) . This option gives unbelievable adaptability in set uping the coaction.

( seven ) Standardized archive formats — The use of institutionalised layouts gives a typical beginning phase to all records. A database of formats could be valuable in tweaking studies, for illustration, inner control polls, reappraisal undertakings, and specimen letters. Connections can to boot be secured to different databases or even to sites so that information or information from these beginnings could be cross-referenced or exchanged to the working documents. Therefore different staff every bit good as different wellheads of informations might be incorporated to assist the rhenium


Workstation models are adept and attain comes about exactly and at unbelievable gait on the off opportunity that they work the manner they are intended to. They have controls gave to vouch this nevertheless the controls must be obliging. The controls are of extraordinary regard in any mechanised model and it is an indispensable assignment for an tester to see that satisfactory controls exist, every bit good as work adequately to vouch comes approximately and accomplish finishs. Additionally controls ought to be proportionate with the danger evaluated in order to diminish the consequence of distinguished dangers to satisfactory degrees. Controls in a machine information model reflect the attacks, techniques, drills and important constructions intended to give reasonable avowal that finishs will be attained. The controls in a machine model warrant adequateness and effectivity of operations, dependableness of pecuniary coverage and agreeableness with the criterions and ordinances.

Data model controls are extensively ordered into two general categories:

• General Controls

• Application controls

General controls incorporate controls over server farm operations, model scheduling procurance and upkeep, entree security, and requisition model promotion and support. They make nature in which the requisition models and proviso controls work. Cases incorporate IT agreements, rules, and regulations associating to IT security and information insurance, requisition programming promotion and alteration controls, isolation of duties, disposal coherency set uping, IT anticipate disposal, and so


Despite the fact that workstation supported examining is accentuated as critical and unreplaceable by heading associations in informations models measuring ( ISACA ) , United States pull offing an history industry ordinance ( Federal Reserve Bank ) , purported „central bank of national Bankss ” ( Bank for International Settlements ) and assorted other ordinance powers, loosely acknowledged process is still non created.

Furthermore, workstation supported analyzing systems are utilised within bing scheduling setups. Techniques executed in workstation helped inspecting scheduling are genuinely far making in figure and manners of use. Notwithstanding, there is no predefined process which could all the more perfectly guide inspector while executing reappraisals. As a consequence, every referee picks set of schemes for each one reappraisal motion, utilize them in diverse groupings and makes typical decisions. This methodological analysis makes workstation supported analyzing programming non powerful plenty since reappraisal exercisings focused around such scheduling without use of scheme are subjective ( contingent upon referee ‘s determination ) , divergent, non standard and non-practically designation


Albeit extended figure of modus operandis and associating machine aided reviewing instruments are connected in pattern, no peculiar scheme has been produced. Assorted judges use diverse modus operandis inside typical methods, stairss and accomplishment. Positively, such attack has assorted failings conveying about missing reappraisal exercisings, as it is portrayed once in this paper.

Besides, in accessible composing no meta-model of general CAISAM is produced. Such meta-model ought to be a premiss for promotion of any peculiar CAISAM. Along these lines, foremost errand that ought to hold been finished to sketch doctrine was advancement of meta-model of CAISAM.

As a regulation, meta-model is a theoretical account of metadata about certain country. Meta exposing involves scrutiny and development of theoretical accounts relevant and valuable to some country of issues. A theoretical account is a sort of contemplation of peculiar echt country, while meta-model is more elevated sum deliberation which underscores qualities of all theoretical accounts construction peculiar certified infinite.


This paper exhibited the applied skeleton for use and choice of Computer Aided Audit Techniques by informations models inspectors. The exact qualitative and quantitative information gathered demonstrated an exceptionally positive connexion between the propose skeleton physiques and the ward variables ( propositions to use Caats ) . Despite the fact that, the survey had a restraint on the specimen estimation and could n’t blanket all Information models inspectors working in money related Bankss in South Africa, future scrutiny could use a greater illustration size that will break reflect IS reexamining and appropriation of Caats, in South African pecuniary Bankss.



Hi there, would you like to get such a paper? How about receiving a customized one? Check it out