[...]... and Responsibility of Internal Audit 83 Risk Factors 84 Detecting Fraud 85 Determining the Exposure to Fraud 86 SOX Software 88 Assessment of IT Controls and Risks 90 Defining the Scope 92 GAIT Principles 93 Governance, Risk Management, and Compliance (GRC) 94 Internal Audit’s Role in the GRC Process 97 Identifying and Assessing Management’s Risk Management Process 99 Assessment of Internal Control Processes... component of continuous auditing is continuous control assessment: audit activities that identify whether key controls are working properly Through continuous control assessments, individual transactions are monitored against a set of control rules to determine if the internal controls are functioning as designed and to highlight exceptions Assessing a well-defined set of control rules allows auditors to... GRC activities to make them more efficient, effective, dependable, and legally sound Internal audit can use technology to perform independent assessments of the management GRC processes—to determine whether there is reasonable assurance that the overall goals and objectives of the organization will be met To do this, internal auditors must consider emerging areas of risk, the effectiveness of management’s... are just two of the many excuses we hear for not capitalizing on the power of the computer However, we cannot afford to ignore the productivity gains that can be achieved through the proper use of information technology The use of automation in the audit function—whether it is for the administration of the audit organization or tools employed during the conduct of comprehensive audits—has become a requirement,... picture Automation has found its way into our homes, schools, and the workplace—now is the time to welcome it into the audit organization This book discusses microcomputer-based audit software, but the techniques and concepts are equally applicable to mainframe and minicomputer environments Examples of software packages are provided, but the focus is on the discussion of an approach to using automation. .. the discussion of an approach to using automation to assist in performing various audit tasks rather than the identification of specific audit software packages Throughout this book, Computer-Assisted Audit Tools and Techniques (CAATTs) and audit automation are meant to include the use of any computerized tool or technique that increases the efficiency and effectiveness of the audit function These include... increases available through the adoption and use of CAATTs in the administration of the audit organization and in audit planning and conduct IS auditors wishing to expand their knowledge of newer tools and approaches, particularly in the microcomputer environment Persons with responsibility to implement automated tools and techniques within their operations This book is designed to lead auditors through the... lead auditors through the steps that will allow them to embrace audit automation It is written to help the audit manager improve the functioning of the audit organization by illustrating ways to improve the planning and management of audits It is also written with the individual auditor in mind by presenting case studies on how automation can be used in a variety of settings It is hoped that this book... still using embedded audit modules (Institute of Internal Auditor’s Research Foundation [1991]) Audit Software Developments The first audit software package, the Auditape System, which implemented Stringer’s audit sampling plan (Tucker [1994]), already provided limited P1: OTA/XYZ P2: ABC c01 JWBK297-Coderre October 5, 2008 8 15:15 Printer Name: Yet to Come Internal Audit capabilities for parallel simulation... the scope and reliability of audit tests The use of data analytics also gives auditors an independent view of the business systems, the individual financial transactions, and the key financial controls Through continuous auditing, auditors can highlight anomalies, control deficiencies, and unusual trends T xvii P1: OTA/XYZ P2: ABC FM JWBK297-Coderre xviii October 16, 2008 13:3 Printer Name: Yet to Come . opportunities for internal auditors throughout the world. The IIA also certifies professionals through the globally recognized Certified Internal Auditor R  (CIA R  ),. Congress Cataloging-in-Publication Data: Coderre, David G. Internal audit : efficiency through automation / David Coderre. p. cm. Includes bibliographical