Isca


Hi all, 

Please help me answer the following question in ISCA, Chap 5

1) An automobile spare parts production company has 10 distribution centers, each of which maintains their inventory status through the company's inventory application software on its virtual private network. Managers across the distribution centers have identified different types of fraud/errors committed during data entry, transaction processing and fake user logins in the inventory system. As an IS auditor prepare a report on how the risk appraisal can be undertaken, indicate approach with reason. 

2) Difference between SCARF and CIS 

 

Replies (2)

The differences between SCARF and CIS are:

System Control Audit Review File (SCARF)
  • This continuous audit technique involves embedding audit software modules within a host application system to provide continuous monitoring of the system’s transactions.
  • The information collected is written onto a special audit file: the SCARF master files.
  • Auditors then examine the information to identify the aspects of the application system that need follow-up.
  • The technique is like a snapshot along with other data collection capabilities. Auditors use SCARF to collect the following types of information:
    (i) Application system errors.
    (ii) Policy and procedural variances.
    (iii) System exception.
    (iv) Statistical sample.
    (v) Snapshots and extended records. Profiling data.
    (vi) Performance measurement.

Continuous and Intermittent Simulation (CIS)
  • This technique is used to trap exceptions whenever the application system uses a database management system.
  • The DBMS reads an application system transaction and passes it to CIS.
  • CIS determines whether it wants to examine the transaction further.
  • CIS replicates or simulates the application system processing.
  • Every update to the database that arises from processing the selected transaction will be checked by CIS for discrepancies in the results produced.
  • Exceptions identified by CIS are written to an exception log file.
  • The advantages of CIS are:
    (i) Does not require modification to the application system for auditing.
    (ii) Testing with larger samples of client’s transactions and examine data faster and more efficiently.
    (iii) Increases the quality of audits by understanding a client’s business.
    (iv) Audit evidence gathered by performing tests of controls can be used as a basis for transactions analysis, access and data flow.
    (v) The entire processing can be evaluated and analysed rather than examining the inputs and the outputs only.
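
The CIS flow listed in the reply above, as an added example that is not part of the original post: a transaction is passed to CIS, CIS decides whether to examine it, simulates the processing, compares its result with the update the application made, and logs any discrepancy. The record layout, the selection rule, the stand-in `host_apply` function with its seeded defect, and the sample transactions are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:                      # constructed record layout, not from the page
    txn_id: str
    centre: str
    part: str
    kind: str                   # "RECEIPT" or "ISSUE"
    qty: int

def host_apply(stock, txn):
    """Stand-in for the inventory application's update (hypothetical).
    Seeded defect: an ISSUE is applied without checking available stock."""
    return stock + (txn.qty if txn.kind == "RECEIPT" else -txn.qty)

def cis_select(txn, threshold=100):
    """CIS decides whether to examine the transaction further (assumed rule)."""
    return txn.kind == "ISSUE" or txn.qty >= threshold

def cis_simulate(stock, txn):
    """CIS's own replica of the processing rules.
    Returns the expected stock, or None when the transaction should be rejected."""
    if txn.qty <= 0 or txn.kind not in ("RECEIPT", "ISSUE"):
        return None
    if txn.kind == "RECEIPT":
        return stock + txn.qty
    return stock - txn.qty if txn.qty <= stock else None

def run(dbms_stock, txns):
    """The DBMS passes each transaction to CIS; discrepancies go to the exception log."""
    exception_log = []
    for txn in txns:
        key = (txn.centre, txn.part)
        before = dbms_stock.get(key, 0)
        dbms_stock[key] = applied = host_apply(before, txn)  # update made by the application
        if cis_select(txn):
            expected = cis_simulate(before, txn)
            if expected != applied:
                exception_log.append({"txn_id": txn.txn_id, "before": before,
                                      "applied": applied, "expected": expected})
    return exception_log

SAMPLE_STOCK = {("DC01", "BRAKE-PAD"): 40}               # constructed opening balance
SAMPLE_TXNS = [                                          # constructed transactions
    Txn("T1", "DC01", "BRAKE-PAD", "RECEIPT", 10),       # not selected by CIS
    Txn("T2", "DC01", "BRAKE-PAD", "ISSUE", 30),         # selected, results agree
    Txn("T3", "DC01", "BRAKE-PAD", "ISSUE", 50),         # selected, issue exceeds stock
]

if __name__ == "__main__":
    for entry in run(dict(SAMPLE_STOCK), SAMPLE_TXNS):
        print(entry)
```

Because the comparison runs outside `host_apply`, the application code itself is untouched, which matches advantage (i) in the list above.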
   

IS auditor has to do risk appraisal before undertaking audit, that is ok, but how to do this risk appraisal from auditor's point of view is not given in ch 5? Not getting the question!!

Part 2 is ok, it's there in ch 5.

