PART 9 – CISA Domain3 – Information Systems Acquisition and Development, and Implementation
What are the online audit methods?Systems Control Audit Review (SCARF/EAM).
Snapshots
Audit Hooks
Integrated test facility (ITF).
Continuous and intermittent simulation (CIS).
Online auditing techniques:
Systems Control Audit Review File & Embedded Audit Modules – This technique involves embedding audit software in an organization’s host system to monitor the application systems on a selective basis
Snapshots – This technique allows you to take what can be called pictures of the transaction’s processing path, from the input stage to the output stage.
Audit hooks – This technique involves embedding hooks into application systems to act as red flags and to incite IS security and auditors before an error or irregularity becomes out of control.
Integrated test facility (ITF). It creates a fictitious entity within a database to process live input and test transactions simultaneously. It can be used for incorporating test transactions into a regular production run of a system.
Continuous and intermittent simulation (CIS). This means that each transaction that is entered into the application and accessed to the database by the DBMS is notified to the simulation
Here are some points to keep in mind:
Online auditing is the best way to detect errors and irregularities early.
Generalized audit software (GAS). This is used by IS auditors to detect duplicate invoice records in an invoice master file
Part 1, Part 2, Part 3, Partie 4, Part 5, Part 6, and Part 7, Part 8, Part 9.