Information Technology Reference
In-Depth Information
material weakness in the controls, might decide to conduct further investigations by ana-
lysing data for errors or misposting.
CAATs can be used to analyse large amounts of data. The IS auditor does not need to take
a sample but can use 100 per cent of the data because of the use of powerful worksta-
tions such as desktops and laptops we have at our disposal. IS auditors also have access to
powerful servers which can be used to carry out analytics on large volumes of data.
The audit objective for CAATs is to check for errors in the data extracted from an applica-
tion system. A skilled auditor or expert can use CAATs to investigate fraud or errors in data
extracted. The IS auditor using CAATs software can make a thorough analysis, put pieces
of data together, and report significant findings if the data contains errors or incorrect in-
formation.
ISACA has developed guidelines for carrying out IS audits using CAATs. Tools which can
be used to perform CAATs include ACL, IDEA, and Excel. CAATs can be conducted by IS
auditors but require special analysis skills where large and complex data is involved.
Specialist Qualifications and Competencies
The specialist IS auditors are auditors who are, for example, CISA, CIA, or hold other IS
audit qualifications. They also hold additional qualifications and competencies in specif-
ic areas of information systems. In most cases, these professionals would be what ISACA
standard 1204.1 defines as other experts who are called to assist on an IS audit by provid-
ing skills and competencies not available on the IS audit team.
It is desirable that experts invited to assist the IS audit team have adequate competencies in
order to achieve the engagement objectives. You may have noticed throughout our discus-
sion in this chapter that we have referred to various competencies required to successfully
perform an audit as an expert. Experience in previous audits should be considered as a good
indicator of knowledge and skills required to successfully perform an IS audit. IS auditors
who have had experience in similar audits are likely to be successful than those who have
no previous background in providing IS auditing services in a particular specialist field.
Experts need to show their level of training on a particular system they have been selected
to audit through their qualifications. Industry certifications are such qualifications which
can be used to show the level of training. Enterprises such as Microsoft, CISCO, Oracle,
and SAP do provide training in their products for which candidates can be certified by sit-
ting for examinations. The certification examinations are set at various levels from associ-
ate level to expert level.
Remember that it is the responsibility of the IS audit team to evaluate the qualifications and
competencies of the experts who are providing professional services to the IS audit team.
Evaluation of other experts can be based on qualifications, product skills, and experience.
Search WWH ::
Custom Search