Regulation 18 — REGULATIONS_AUDIT
Original Rule Text
18. IT assisted audits (1) IT assisted audits involve the use of various IT tools including, but not limited to, traditional data analysis tools [also referred to as Computer Assisted Audit Techniques (CAATs)] and data analytics/ big data analytics for supporting the achievement of the audit objectives. (2) Such analysis or analytics is applied on data provided by the auditable entity, which may be available in a variety of structures and formats, as well as external or third party data. (3) Adequacy and effectiveness of IT and non IT controls for ensuring data integrity and non-repudiability of such data may be duly considered by the audit office, while examining the reliability of such data. (4) The insights which may be drawn from data analysis/ analytics include, but are not limited to, exceptions, trends, patterns, deviations, inconsistencies, and relationships among data elements identified through analysis, modelling or visualization, can be used while planning, conducting and reporting audits.
(5) Depending on the gaps in automation, the level of offline documentation, and the adequacy and effectiveness of controls, the reliability of findings through data analysis/ analytics may need to be validated through field examination and verification of a sample of cases.