PART 9 – CISA Domain 3 – Information Systems Acquisition, development and implementation
- What are the online audit techniques?
- Systems Control Audit Review and Embedded Audit Modules (SCARF/EAM)
- Audit Hooks
- Integrated test facility (ITF)
- Continuous and intermittent simulation (CIS)
Online auditing techniques:
- Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM) –The use of this technique involves embedding specially written audit software in theorganization’s host application system so the application systems are monitored on a selective basis
- Snapshots – This technique involves taking what might be termed pictures of the processing path that a transaction follows, from the input to the output stage.
- Audit hooks – This technique involves embedding hooks in application systems to function as red flags and to induce IS security and auditors to act before an error or irregularity gets out of hand.
- Integrated test facility (ITF) – It creates a fictitious entity in a database to process test transactions simultaneously with live input. It can be used to incorporate test transactions into a normal production run of a system.
- Continuous and intermittent simulation (CIS) – This means that the simulation is notified about each transaction that is entered to the application and accesses to database by the DBMS
|Points to remember:
- An online auditing techniques is most effective for the early detection of errors or irregularities – Audit hooks
- Generalized audit software (GAS) – Used by IS auditor to detect duplicate invoice records within an invoice master file
Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9