(19)Discuss different types of continues audit techniques?



Answer: Following are some of the types of continuous audit techniques:

(1)Snapshots:
  • In this technique, snaps (pictures) are taken of the transactions as transaction moves through various stages in the application system.
  • Both before -processing and after -processing images of the transactions are captured.
  • Auditor can verify the correctness of the processing by checking before-processing and after-processing images of the transactions.
  • In this technique, three important considerations are (i)location where snaps to be taken (ii)time of capturing snaps and (iii) reporting of snapshot data captured.

(2)Integrated Test Facility (ITF):
  • In ITF, dummy transactions are used in live environment.
  •  Auditor can enter dummy or test transactions and verify the processing and results of these transactions for correctness.
  • Example: A dummy asset of Rs. 100000/- is entered into system to verify whether same is being capitalized under correct head and depreciation is calculated properly as per correct rate. Subsequently this dummy transaction is removed after verification of system controls.
  •  In such cases the auditor must decide what would be the method to be used to enter test data and the methodology for removal of the effects of the ITF transactions.

 (3)System Control Audit Review File (SCARF):
  • SCARF stands for System Control Audit Review File.
  • In this technique an embedded (inbuilt) audit module is used to continuously monitor transactions.
  • This technique is used to collect data for special audit purpose.
  • Auditors then examine the information contained on this file to see if some aspect of the application system needs follow-up.
  • In many ways, the SCARF technique is like the snapshot technique along with other data collection capabilities.
(4)Continuous and Intermittent Simulation (CIS):
  • This technique is variation of SCARF technique.
  • This technique can be used whenever the application system uses the database management system (DBMS).
  •  DBMS reads the transaction which is passed to CIS. If transaction is as per selected criteria, then CIS examines the transaction for correctness.
  • CIS determines whether any discrepancies exist between the results it produces and those the application system produces.
  •  Such discrepancies are written to exception log file.
  • Thus, CIS replicates or simulates the application system processing.
  • Advantage of CIS is that it does not require modification to application system and yet provides online auditing capacity. 

(5)Audit Hooks:
  • When audit hooks are employed, auditors can be informed of suspicious transactions as soon as they occur.
  • This approach of real-time notification displays a message on the auditor’s terminal.
  • Criteria for suspicious transactions are designed by auditors as per their requirement.
  • For example, internal auditors at Insurance Company determined that their policyholder system was vulnerable to fraud every time a policyholder changed his or her name or address and then subsequently withdrew funds from the policy. They devised a system of audit hooks to capture such suspicious transactions.