IT Auditing & Assurance, 2e, Hall & Singleton, Chapter 8: CAATTs for Data Extraction and Analysis

Upload: mariah-knight

Post on 05-Jan-2016


Page 1

Chapter 8: CAATTs for Data Extraction and Analysis

Page 2: DATA STRUCTURES

• Organization
• Access method

Page 3

[Diagram: Data Organization. Labels: Sequential, ISAM, Random; Index File; Data File; Sequential, Random; Hashing, Pointers; Access: Index Methods; Access: Non-Index Methods]

Page 4: FILE PROCESSING OPERATIONS

1. Retrieve a record by key

2. Insert a record

3. Update a record

4. Read a file

5. Find next record

6. Scan a file

7. Delete a record

Individual Records

Table 8-1

Page 5: DATA STRUCTURES

Flat file structures
• Sequential structure [Figure 8-1]
  • All records in contiguous storage spaces in specified sequence (key field)
  • Sequential files are simple & easy to process
  • Application reads from beginning in sequence
  • If only small portion of file being processed, inefficient method
  • Does not permit accessing a record directly
  • Efficient: 4, 5 – sometimes 3
  • Inefficient: 1, 2, 6, 7 – usually 3

Page 6: DATA STRUCTURES

Flat file structures
• Indexed structure
  • In addition to data file, separate index file
  • Contains physical address in data file of each indexed record

Page 7: DATA STRUCTURES

Flat file structures
• Indexed random file [Figure 8-2]
  • Records are created without regard to physical proximity to other related records
  • Physical organization of index file itself may be sequential or random
  • Random indexes are easier to maintain, sequential more difficult
  • Advantage over sequential: rapid searches
  • Other advantages: processing individual records, efficient usage of disk storage
  • Efficient: 1, 2, 3, 7
  • Inefficient: 4

Page 8: DATA STRUCTURES

Flat file structures
• Indexed Sequential Access Method (ISAM) [Figure 8-3]
  • Large files, routine batch processing
  • Moderate degree of individual record processing
  • Used for files across cylinders
  • Uses number of indexes, with summarized content
  • Access time for single record is slower than Indexed Sequential or Indexed Random
  • Disadvantage: does not perform record insertions efficiently – requires physical relocation of all records beyond that point – SOS
  • Has 3 physical components: indexes, prime data storage area, overflow area [Figure 8-4]
  • Might have to search index, prime data area, and overflow area – slowing down access time
  • Integrating overflow records into prime data area, then reconstructing indexes reorganizes ISAM files
  • Very Efficient: 4, 5, 6
  • Moderately Efficient: 1, 3
  • Inefficient: 2, 7

Page 9: EVOLUTION OF ORG./ACCESS METHODS

[Timeline diagram: 1960, 1970, 1980, 1990. Labels: Legacy systems; DBMS etc.]

Page 10

Inefficient

Access entire files

Efficient

Access single records

Page 11: HASHING STRUCTURE

• Employs algorithm to convert primary key into physical record storage address [Figure 8-5]
• No separate index necessary
• Advantage: access speed
• Disadvantage
  • Inefficient use of storage
  • Different keys may create same address
• Efficient: 1, 2, 3, 6
• Inefficient: 4, 5, 7

Page 12: POINTER STRUCTURE

• Stores the address (pointer) of related record in a field with each data record [Figure 8-6]
• Records stored randomly
• Pointers provide connections b/w records
• Pointers may also provide links of records b/w files [Figure 8-7]
• Types of pointers [Figure 8-8]:
  • Physical address – actual disk storage location
    • Advantage: Access speed
    • Disadvantage: if related record moves, pointer must be changed & w/o logical reference, a pointer could be lost causing referenced record to be lost
  • Relative address – relative position in the file (135th)
    • Must be manipulated to convert to physical address
  • Logical address – primary key of related record
    • Key value is converted by hashing to physical address
• Efficient: 1, 2, 3, 6
• Inefficient: 4, 5, 7

Page 13: DATABASE STRUCTURES

• Hierarchical & network structures [Figure 8-9]
  • Uses explicit linkages b/w records to establish relationship
  • Figure 8-9 is M:N example
• Relational structure
  • Uses implicit linkages b/w records to establish relationship: foreign keys / primary keys

Page 14

Relational Database: “table” – rows and columns

Page 15

Relational Records: “Foreign Keys” in one record establish relationships to related records in other files.

INVOICES

CUSTOMERS

INVENTORY

Page 16: DATABASE STRUCTURES

Relational structure
• User views
  • Data a particular user needs to achieve his/her assigned tasks
  • A single view, or view without user input, leads to problems in meeting the diverse needs of the enterprise
  • Trend today: capture data in sufficient detail and diversity to sustain multiple user views
  • User views MUST be consolidated into a single “logical view” or schema
  • Data in the logical view MUST be normalized

Page 17: DATABASE STRUCTURES

Relational structure
• Creating views
  • Designing output reports, documents, and input screens needed by users or groups
  • Physical documents help designer understand relationships among the data
    • 3 user views: Table 8-2, Figure 8-12, Table 8-3
  • Then apply normalization principles to the conceptual user views to design the database tables

Page 18: DATABASE STRUCTURES

Relational structure
• Importance of data normalization
  • Critical to success of DBMS
  • Effective design in grouping data
  • Several levels: 1NF, 2NF, 3NF, etc.
  • Un-normalized data suffers from:
    • Insertion anomalies
    • Deletion anomalies
    • Update anomalies
  • One or more of these anomalies will exist in tables < 3NF

Page 19: DATABASE STRUCTURES

Relational structure
• Normalization process
  • Un-normalized data [Table 8-4]
  • Eliminates the 3 anomalies if:
    • All non-key attributes are dependent on the primary key
    • There are no partial dependencies (on part of the primary key)
    • There are no transitive dependencies; non-key attributes are not dependent on other non-key attributes
  • “Split” tables are linked via embedded “foreign keys”
  • Normalized database tables examples: Figures 8-13, 8-14

Page 20: DATABASE STRUCTURES

Relational structure
• Creating physical tables
  • Created on paper so far
  • Then create physical files and populate data
  • Physical views can be produced from DBMS
• Query function
  • Allows users to create customized lists from database
  • Users stipulate, using English-like commands, which tables, records, fields, filtering criteria needed to produce the desired list
  • Result is virtual table derived from actual database tables
  • SQL
    • SELECT, FROM, WHERE [Figure 8-16]
    • De facto standard query language

Page 21: DATABASE STRUCTURES

Relational structure
• Auditors and data normalization
  • Database normalization is a technical matter that is usually the responsibility of systems professionals.
  • The subject has implications for internal control that make it the concern of auditors also.
  • Most auditors will never be responsible for normalizing an organization’s databases; they should have an understanding of the process and be able to determine whether a table is properly normalized.
  • In order to extract data from tables to perform audit procedures, the auditor first needs to know how the data are structured.
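An added example (not from the original slides) of how an auditor might test whether a table is properly normalized: it searches sample rows for partial and transitive dependencies and shows the update anomaly they allow. The table, column names and rows are constructed for illustration, and a dependency that holds in a sample is evidence to follow up, not proof.

```python
from collections import defaultdict
from itertools import combinations

KEY = ("invoice_no", "part_no")          # composite primary key (assumed)
COLS = KEY + ("part_desc", "cust_no", "cust_name", "qty")
# Constructed sample rows of an un-normalized sales table.
ROWS = [dict(zip(COLS, r)) for r in [
    (1001, "P1", "Bolt", "C7", "Acme", 10),
    (1001, "P2", "Nut", "C7", "Acme", 4),
    (1002, "P1", "Bolt", "C9", "Birch", 5),
    (1003, "P2", "Nut", "C7", "Acme", 5),
]]

def conflicts(rows, lhs, rhs):
    """Map each lhs value seen with more than one rhs value to those values."""
    seen = defaultdict(set)
    for r in rows:
        seen[tuple(r[c] for c in lhs)].add(r[rhs])
    return {k: v for k, v in seen.items() if len(v) > 1}

def dependency_findings(rows, key):
    """List dependencies in the sample that break 2NF (partial) or 3NF (transitive)."""
    non_key = [c for c in rows[0] if c not in key]
    found = []
    for attr in non_key:
        for n in range(1, len(key)):             # proper subsets of the key
            for part in combinations(key, n):
                if not conflicts(rows, part, attr):
                    found.append(("partial", part, attr))
        for other in non_key:                    # non-key attribute -> non-key attribute
            if other != attr and not conflicts(rows, (other,), attr):
                found.append(("transitive", (other,), attr))
    return found

# Update anomaly: the same customer keyed with a different name on a later invoice.
DIRTY = ROWS + [dict(zip(COLS, (1004, "P1", "Bolt", "C7", "ACME Inc", 2)))]

if __name__ == "__main__":
    for kind, lhs, attr in dependency_findings(ROWS, KEY):
        print(f"{kind}: {lhs} -> {attr}")
    print("inconsistent customer names:", conflicts(DIRTY, ("cust_no",), "cust_name"))
```

Only qty depends on the whole key here; the other attributes belong in separate customer, invoice and part tables linked by foreign keys.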

Page 22: EMBEDDED AUDIT MODULE

• Identify important transactions live while they are being processed and extract them [Figure 8-18]
• Examples
  • Errors
  • Fraud
  • Compliance
    • SAS 78, SAS 94, SAS 99 / S-OX

Page 23: EMBEDDED AUDIT MODULE

• Disadvantages:
  • Operational efficiency – can decrease performance, especially if testing is extensive
  • Verifying EAM integrity – such as environments with a high level of program maintenance
• Status: increasing need, demand, and usage of COA/EAM/CA

Page 24: GENERALIZED AUDIT SOFTWARE

• Brief history
• Most widely used CAATT [Figure 8-19]
• Usages include:
  1) Footing and balancing entire files or selected data items (e.g., extending inventory)
  2) Selecting and reporting detail data
  3) Selecting stratified statistical samples from data files
  4) Formatting results into audit reports (auto work papers!)
  5) Printing confirmations
  6) Screening / filtering data
  7) Comparing multiple files for differences
  8) Recalculating values in data

Page 25: GENERALIZED AUDIT SOFTWARE

Popular because:
1. GAS software is easy to use and requires little computer background
2. Many products are platform independent, work on mainframes and PCs
3. Auditors can perform tests independently of IT staff
4. GAS can be used to audit the data currently being stored in most file structures and formats

Page 26: GENERALIZED AUDIT SOFTWARE

• Simple structures [Figure 8-19]
• Complex structures [Figures 8-20, 8-21]
• Auditing issues:
  • Auditor must sometimes rely on IT personnel to produce files/data
  • Risk that data integrity is compromised by extraction procedures
  • Auditors skilled in programming better prepared to avoid these pitfalls
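An added example (not from the original slides) of one way to address the extraction-integrity risk above: foot the extract and reconcile it to control figures obtained independently of the extract itself. The field names, control figures and CSV rows are constructed, and the gap test assumes invoice numbers are issued consecutively.

```python
import csv
import io
from decimal import Decimal

# Constructed control figures, as reported from the production file (assumption).
CONTROL = {"records": 5, "amount_total": Decimal("1830.75"), "invoice_hash_total": 10015}

# Constructed extract: invoice 2004 is missing and invoice 2002 appears twice,
# so the record count still agrees with the control figure.
EXTRACT_CSV = """invoice_no,cust_no,amount
2001,C7,250.00
2002,C9,410.25
2002,C9,410.25
2003,C7,99.50
2005,C3,1000.00
"""

def extract_totals(text):
    """Foot the extract: record count, amount total, hash total of invoice numbers."""
    rows = list(csv.DictReader(io.StringIO(text)))
    keys = [int(r["invoice_no"]) for r in rows]
    totals = {
        "records": len(rows),
        "amount_total": sum((Decimal(r["amount"]) for r in rows), Decimal("0")),
        "invoice_hash_total": sum(keys),
    }
    return totals, keys

def reconcile(text, control):
    """Return (control differences, duplicated keys, gaps in the key sequence)."""
    totals, keys = extract_totals(text)
    diffs = {k: (control[k], totals[k]) for k in control if control[k] != totals[k]}
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    # Assumes consecutive invoice numbering; a gap inside the range is an exception.
    gaps = sorted(set(range(min(keys), max(keys) + 1)) - set(keys))
    return diffs, dupes, gaps

if __name__ == "__main__":
    diffs, dupes, gaps = reconcile(EXTRACT_CSV, CONTROL)
    for name, (expected, actual) in diffs.items():
        print(f"{name}: control {expected}, extract {actual}")
    print("duplicate invoices:", dupes, "missing invoices:", gaps)
```

The record count alone passes on this extract; the amount total and the hash total are what expose the dropped and duplicated records.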

Page 27: ACL

• ACL is a proprietary version of GAS
• Leader in the industry
• Designed as an auditor-friendly meta-language (i.e., contains commonly used auditor tests)
• Access to data generally easy with ODBC interface

Page 28: ACL

• See ACL tutorial #1
• Input file definition
• Customizing a view [Figure 8-23]
• Filtering data [Figures 8-24 thru 8-27]
• Stratifying data [Figure 8-28]
• Statistical analysis
