Para 3.22.16 — MSO (Audit)

MSO (Audit)mso-audit

3.22.16 IT audit techniques refer to the use of computers, including software, as a tool to independently test computer data of interest to Audit. The following are some of the wellestablished techniques:
(i) Collection and processing of a set of test data that reflect all variants of the data and errors which can arise in an application system at different times.
(ii) Use of integrated test facilities, built into the system by the auditee, to assist the auditor in his requirements, as one of the users of the system.
(iii) Simulation of the auditee's application programs using audit software to verify the results of processing.
(iv) Periodical review of programme listings in order to verify that the programmes have not been altered unauthorisedly.
(v) Use of either commercial software or programmes developed in-house to interrogate and retrieve data applying selection criteria and to perform calculations.
(vi) Extraction of data samples from the database/files of the auditee, using sampling techniques, for post analysis and review. The sampling technique to be employed is determined by the nature of data and type of analysis required.

What This Means

IT audit techniques involve using computers as independent tools to test the auditee's data. These include processing test data with all possible error variants, using built-in test facilities, simulating the auditee's programmes with audit software, reviewing programme listings for unauthorised changes, using commercial or in-house software to query and retrieve data, and extracting data samples for analysis using appropriate sampling techniques.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Key Points

1Test data sets should cover all variants of data and errors that can arise
2Integrated test facilities built into systems can assist auditors
3Simulation of auditee's programmes verifies processing accuracy
4Periodical review of programme listings detects unauthorised changes
5Commercial or in-house software can query and extract data with selection criteria
6Sampling techniques appropriate to the data nature should be used for extraction

Practical Example

An IT auditor reviewing a property tax calculation system uses three techniques: first, they submit test data covering every type of property (residential, commercial, vacant land) with deliberately introduced errors to see if the system catches them. Second, they use audit software to simulate the tax calculation for 1,000 actual properties and compare results with the system's output. Third, they review the programme source code and discover an unauthorised modification that exempted a specific ward from a surcharge.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Frequently Asked Questions

What is an integrated test facility?▼

An integrated test facility (ITF) is a feature built into a computer system that allows auditors to process test transactions alongside real transactions. The test transactions go to a dummy account, enabling auditors to verify processing without disrupting live operations.

Why review programme listings periodically?▼

Unauthorised changes to programme code can introduce fraud, bypass controls, or cause errors. Periodic review ensures that the programmes running in production match the authorised versions and no tampering has occurred.

How is the sampling technique determined?▼

The sampling technique depends on the nature of the data (financial vs non-financial), the type of analysis required (trend analysis, exception testing, etc.), and the volume of data. Statistical sampling is preferred for drawing conclusions about the entire population.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Para 3.22.16 — MSO (Audit)

Original Rule Text

What This Means

Key Points

Practical Example

Frequently Asked Questions

Related Rules