Professional Documents
Culture Documents
Output
Run(Spoolin
g)
Output
Report
Data
Contr
ol
Output File
Print Run
Output
Report
Aborted
Output
Output
Control
Report
Distrib
ution
Output
Report
Burstin
g
Wast
e
End
User
Output
Report
File
Stages in the Output
Process
INPUT
MASTER FILES
APPLICATION UNDER
REVIEW
Auditor reconciles
input transactions
with output
produced by
application
OUTPUT
Auditor prepares
test transactions
,test master files,
and expected
results
Predetermin
ed Results
Test data
Test data
Test Master
Files
Applicatio
n under
review
Test
Results
Test
data
Production
Transactions
Auditor uses Gas to
produce simulation of
application under
review
Application
Specificatio
n
Generalized
Audit
Software(GA
S)
Production
transaction
Files
Simulation
Program
Production
Master Files
Actual
Production
Application
Production
Output
Simulation
Output
Auditor reconciles
simulation output with
production output
Parallel Simulation
Chapte
r8
Data Structures
Two fundamental components:
o
o
Cyl
Surface Index
Cylinder 99
Key Range
Surface Nu
2200
98
3300
99
4400
2300
2400
2500
2600
Search
Track 99 on
Surface 3 of
Cylinder 99
sequentially
. We do not
have the
specific
address of
Record
(key) 2546
5.
Hashing
structures uses a
random file
organization
because the
process of
calculating
residuals and
converting them
into storage
locations
produces widely
dispersed record
addresses.
Types of Pointers
Physical address pointer contains the actual disk
storage location ( cylinder, surface, and record
number) needed by the disk controller.
Relative address pointer contains the relative
position of a record in the file.
Logical key pointer contains the primary key of
the related record
- this key value is then converted into the records
physical address by a hashing algorithm.
Sends
Payments
Anomalies
Normalizing Tables
- Dependencies are symptoms of structural
problems within tables
- Normalization process involves identifying and
removing structural dependencies from the table
-The attributes Part Number, Description, Order Quantity, and Unit Cost are
repeating group data. This means that when a particular purchase order contains
more than one item (most of the time), then multiple values will need to be captured
for these attributes. To resolve this, these repeating group data were removed to a
new PO Item Detail entity. The new entity was assigned a primary key that is a
composite of Part Number and PO Number. The creation of the new entity also
resolved the M:M association between the Purchase Order and Inventory entities by
providing a link.
2. Repeating Group Data in Receiving Report
-The attributes Part Number, Quantity Received, and Condition Code are
repeating groups in the Receiving Report entity and were removed to a new
called Rec Report Item Detail. A COMPOSITE KEY composed of PART NUMBER and
REC REPT NUMBER was assigned. As in the Previous example, creating this new
entity also resolved the M:M association between Receiving Report and Inventory.
3. Transitive Dependencies
-The Purchase Order and Receiving Report entities contain attributes that are
redundant with data in the Inventory and Supplier entities. These redundancies
occur because of transitive dependencies in the Purchase Order and Receiving
Report entities and are dropped.
Disadvantages of EAMs
The EAM approach has two significant disadvantages. The first pertains to
operational efficiency and the second is concerned with EAM integrity.
Operational Efficiency
From the users point of view, EAMs decrease operational performance.
The presence of an audit module within the host application may create
significant overhead, especially when the amount of testing is extensive.
One approach for relieving this burden from the system is to design
modules that may be turned on and off by the auditor. Doing so will, of
course, reduce the effectiveness of the EAM as an ongoing audit tool.
Flat File
GAS
3. Auditor determines
the selection criteria
used by GAS
Transaction
s List
Database
2. Database
management system
produces a flat file of
a portion of the
database.
4. GAS retrieves
selected records
from the flat file.
Auditor determines
selection criteria
(materially threshold)
and key fields to be
retrieved by GAS
Production
Inventory File
GAS
Transactions
List
Data Definition
One of ACLs strengths is the ability to read data stored in most
formats. ACL uses the data definition feature for this purpose.
To create a data definition, the auditor needs to know both where
the source file physically resides and its field structure layout.
Small files can be imported via text files or spreadsheets. Very
large files may need to be accessed directly from the mainframe
computer. When this is the case, the auditor must obtain access
privileges to the directory in which the file resides. Where
possible, however, a copy of the file should be stored in a
separate test directory or downloaded to the auditors PC. This
setup usually requires the assistance of systems professionals.
The auditor should ensure that he or she secures the correct
version of the file, that it is complete, and that the file structure
documentation is intact. At this point, the auditor is ready to
define the file to ACL. Figure 8.31 illustrates ACLs data definition
screen.
Customizing a View
A view is simply a way of looking at data in file; auditors
seldom need to use all the data contained in a file. ACL allows
the auditor to customize the original view created during data
definition to one that better meets his or her audit needs. The
auditor can create and reformat new views without changing or
deleting the data in the underlying file. Only the presentation of
the data is affected.
Filtering Data
ACL provides powerful options for filtering data that support
various audit tests. Filters are expressions that search for
records that meet the filter criteria. ACLs expression builder
allows the auditor to use logical operators such as AND, OR,,,
NOT and others to define and test conditions of any complexity
and to process only those records that match specific
conditions.
Stratifying Data
ACLs stratification feature allows the auditor to view the distribution
of records that fall into specified strata. Data can be stratified on any
numeric field such as sales price, unit cost, quantity sold, and so on.
The data are summarized and classified by strata, which can be
equal in size ( called intervals) or vary in size (called free).
Statistical Analysis
ACL offers many sampling methods for statistical analysis. Two of the
most frequently used are record sampling and monetary unit
sampling (MUS). Each method allows random and interval sampling.
The choice of methods will depend on the auditors strategy and the
composition of the file being audited. On one hand, when the records
in file are fairly evenly distributed across strata, the auditor may
want an unbiased sample and will thus choose the record sample
approach.