PDF uden ophavsretligt beskyttede sider - Peter Havskov Christensen
PDF uden ophavsretligt beskyttede sider - Peter Havskov Christensen
PDF uden ophavsretligt beskyttede sider - Peter Havskov Christensen
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Materialesamling til edb-revision<br />
(j) Execute the CAAT application.<br />
(k) Evaluate the results.<br />
Controlling the CAAT Application<br />
18. The use of a CAAT should be controlled by the auditor to<br />
provide reasonable assurance that the audit objectives and<br />
the detailed specifications of the CAAT have been met, and<br />
that the CAAT is not improperly manipulated by the entity´s<br />
staff. The specific procedures necessary to control the use<br />
of a CAAT will depend on the particular application. In establishing<br />
audit control, the auditor should con<strong>sider</strong> the need<br />
to:<br />
(a) Approve the technical specifications, and carry out a<br />
technical review of the work involving the use of the<br />
CAAT.<br />
(b) Review the entity´s general EDP controls which may<br />
contribute to the integrity of the CAAT - for example,<br />
controls over program changes and access to computer<br />
files. When such controls cannot be relied upon<br />
to ensure the integrity of the CAAT, the auditor may<br />
con<strong>sider</strong> processing the CAAT application at another<br />
suitable computer facility.<br />
(c) Ensure appropriate integration of the output by the<br />
auditor into the audit process.<br />
19. Procedures carried out by the auditor to control audit software<br />
applications may include:<br />
(a) Participating in the design and testing of the computer<br />
programs.<br />
(b) Checking the coding of the program to ensure that it<br />
conforms with the detailed program specifications.<br />
(c) Requesting the entity´s computer staff to review the<br />
operating system instructions to ensure that the software<br />
will run in the entity´s computer installation.<br />
(d) Running the audit software on small test files before<br />
running on the main data files.<br />
(e) Ensuring that the correct files were used - for example,<br />
by checking with external evidence, such as control<br />
totals maintained by the user.<br />
(f) Obtaining evidence that the audit software functioned<br />
as planned for example, reviewing output and control<br />
information.<br />
(g) Establishing appropriate security measures to safeguard<br />
against manipulation of the entity´s data files.<br />
74