Auditing With IDEA - CaseWare · Contents 7 ExceptionTesting 51 Cross-Checking 51 Duplicates 51 Completeness 51 Cut-Off 51 OtherAuditObjectives 51 DetermineDataRequirements 52 DataAvailability

CA409

Auditing with IDEA

A CaseWare Analytics Document

Copyright © 2016 CaseWare IDEA Inc. All rights reserved. No part of this publication may bereproduced, transmitted, transcribed, stored in any retrieval system or translated into anylanguage in any form by any means without the permission of CaseWare IDEA Inc.

CaseWare IDEA Inc. is a privately held software development and marketing company, withoffices in Toronto and Ottawa, Canada, related companies in The Netherlands and China, andCaseWare Analytics Partners serving over 90 countries. CaseWare IDEA Inc. is a subsidiary ofCaseWare International Inc., the world leader in business-intelligence software for auditors,accountants, and systems and financial professionals.

IDEA is distributed under an exclusive license by:

CaseWare IDEA Inc.469 King Street West, 2nd FloorToronto, CANADAM5V 1K4www.casewareanalytics.com

IDEA® is a registered trademark of CaseWare International Inc.

http://www.casewareanalytics.com/

Contents

Section 1Introduction 9

Main Areas Where IDEA Can Be Used 9Identifying Exceptional Items 9Performing Analyses 9Checking Calculations 10Cross-matching Data Between Systems 10Testing for Gaps and Duplicates 10Sampling 11

Advantages of IDEA 11

IDEA Users 12

Section 2What Can I Use IDEA For? 13

General Financial Audit Use 14

Accounts Payable 14

Accounts Receivable 16

Fixed Assets 18

General Ledger 18

Payroll 20

Sales and Receipts 21

Purchases and Payments 22

Specific Industry Tests 24

Banks and Financial Institutions 24

Bank Account Numbers 26Bank Account Formats in Canada 26Bank Account Formats in the United Kingdom 26

CA409 Auditing With IDEA

6

Bank Account Formats in the United States 26VAT Numbers (United Kingdom Only) 26

Public Sector 28Benefits 28Taxes 30Housing Rents 30Social Insurance, Social Security, National Insurance or Identity Numbers 31

Inventories (Stocks) and Work-in-Progress 32

Insurance Companies 33Insurance Premiums 33Insurance Claims 34

Manufacturing Companies 34

Retailing Organizations 35

Fraud Investigations 36

Purchase Frauds 36

Payroll Frauds 39

Banking Frauds 40

Audit Telephone Logs/Accounts 41

Computer Security 43

System Logs 43

File Lists 44

Access Rights 44

Management Accounting 45

Management Accounting Analysis Work 45

Management Account Exception Tests 45

Section 3Plan the Use of IDEA 47

Determine Whether IDEA is Appropriate for the Audit 48

Key Objectives 48

Volume 48

Ease of Download 49

Audit Objectives 50

Mechanical Accuracy 50

Analytical Review 50

Contents

7

Exception Testing 51

Cross-Checking 51

Duplicates 51

Completeness 51

Cut-Off 51

Other Audit Objectives 51

Determine Data Requirements 52

Data Availability 52

Data Request 52

Review and Housekeeping 54

Set Objectives 54

Required Documentation 54

Reconciliations and Checks on Files 54

Review of Work Done 55

Backup 55

Housekeeping 55

Section 4Managing the Use of IDEA 57


8

Section 1

Introduction

IDEA is a computer-based file interrogation tool for use by auditors,accountants, investigators, and IT staff. It analyzes data in manyways and allows extraction, sampling, and manipulation of data inorder to identify errors, problems, specific issues, and trends.

You may also have access to IDEA Server which is a powerful dataanalysis application that operates using network servers. While youview the data and perform your analysis using the IDEA clientinstalled on your computer, all your data storage and processing isdone on a server. For more information, visit the IDEA Server area onthe CaseWare Analytics website.

For the purpose of brevity and readability, IDEA is used throughout torefer to the Windows-based stand-alone version of IDEA, as well asIDEA Server. For items that apply to IDEA Server only, a note that itapplies to IDEA Server only is added.

Main AreasWhere IDEA CanBe Used

The following are some of the main areas where IDEA can be used:

Identifying Exceptional Items

Exception testing can be used to identify unusual items. These may besimply large items or where the relationship between two pieces ofinformation on an item do not correlate, such as rate of pay and paygrade. Many fields of information can also be checked for allowablevalues. The tests are performed using the Direct Extraction task.

Performing Analyses

IDEA can help with the preparation of figures for an analytical review.In particular, it can generate analyses which would not otherwise beavailable. Stratification gives a profile of the population in valuebands, groups of codes or dates. This is particularly useful whenauditing assets such as Accounts Receivable, inventories, loans, or fora breakdown of transactions. Additionally, the information can besummarized to identify trends. If graphical analysis is required by

http://www.casewareanalytics.com/


10

particular codes or sub-codes then charting can be used. Figures canalso be compared against previous years to determine what datashould be output to a spreadsheet (either use Copy and paste theinformation into a spreadsheet or Export then chose either a MicrosoftExcel or dBASE format which most spreadsheet packages can read).

Checking Calculations

IDEA is excellent for proving calculations.

To total (or provide other statistical information such as averages,maximum or minimum value), view the Field Statistics for thedatabase.

Calculations can be checked by appending a calculated field (using theField Manipulation task) to create a calculation of the item.

Alternatively, use an exception test of miscalculations using theExtractions task.

The accuracy of any management reports may involve a wider use offunctions to achieve the result of reproducing the report. In thesecases running a series of tasks, such as Join Databases and/orSummarization, or the Aging task in the case of aged debt analyses,may be necessary.

Cross-matching Data Between Systems

One of the common ways to test the validity of an item is to cross-check it against some other information. For example, checkingaddresses or bank details of employees against those on AccountsPayable files to see if employees were also purporting to be suppliers.These tests are carried out by importing both files and then using theJoin Databases task. Another effective test for completeness is tocross-check between a master file and transactions to see if there areany items on the master file for which a transaction has not beenrecorded.

Testing for Gaps and Duplicates

IDEA can be used to test for completeness including testing for gaps ina numeric sequence (or missing items). To test for gaps there must bea sequential number on source documentation. Inventory and salesfiles can be tested for completeness of dispatch note numbers andpurchases files for received numbers. It may also be appropriate totest for gaps on a series of check numbers and also for completenessof inventory ticket numbers.

Dates may also be tested for gaps, such as days for which there areno transactions.

Duplicates testing can be very effective in certain circumstances suchas testing for duplicate payments to suppliers, identifying double input

Section 1: Introduction

11

of ticket numbers during inventory counts or identifying duplicatenames or addresses on an insurance or benefits claims file.

Sampling

Statistical sampling is commonly used to test for validity in a mannerwhich then allows for evaluation across a population. The moresophisticated methods such as Monetary Unit Sampling are difficult toimplement manually. Wherever tests need to refer to physicaldocumentation or assets rather than computer records then anappropriate statistical sampling technique should be used.

IDEA offers five types of sampling:

SamplingType

Description

Systematic Used to select samples that evenly cover a populationrange.

Random Used where statistical projections are required onvarious attributes of the population without bias.

StratifiedRandomSampling

Used either where the population consists of differentgroups (items have a different risk) which need to beevaluated separately, or if Classical VariablesSampling (Variables Estimation Sampling) is to beused.

MonetaryUnitSampling

Used where a financial assessment of error is requiredwith items than can be partially wrong.

ClassicalVariablesSampling

Used to predict the total error in a population(database), based on the error found in a sample.

Advantages ofIDEA

There are many advantages of using IDEA over manual auditingmethods. However the major benefits include:

l increased or wider scope of investigations, such as conductingtests which cannot be done manually

l increased coverage (checking a large number of items andpotentially covering 100 percent of the transactions for a year ormore)

l better information, such as extra analysis or profiling of data

l save time


12

IDEA Users IDEA is designed for both internal and external auditors, althoughtheir use of the software is usually different. It is also a valuable toolto fraud investigators, forensic accountants and managementaccountants.

IDEA is a versatile tool that is used in many different industries. Hereare some examples:

l The Information Technology industry uses IDEA for auditingcomputer security. System level commands are used to createfiles containing data such as systems logs, access permissions,and folder structures. These files are then imported into IDEA.Various tests can then be carried out to determine if security isadequate.

l The Healthcare industry uses IDEA for analyzing accountsreceivables, accounts payables, patient billing, charges, andmaterials management.

l School Boards use IDEA for analyzing kickback or conflict-of-interest schemes, phantom vendor schemes, policy compliance,and asset management.

l The Retail industry uses IDEA for analyzing gross profit,isolating price adjustment transactions, cash disbursements,loss prevention, and purchase order management.

Section 2

What Can I Use IDEA For?

IDEA has a range of uses within audit, investigations, managementaccounting, and general enquiries. Example tests are listed under thefollowing headings:

l General Financial Audit Use

l Specific Industry Tests

l Fraud Investigations

l Computer Security

l Management Accounting


14

General Financial Audit Use

You can use IDEA in auditing the standard ledgers and systems:

l Accounts Payable

l Accounts Receivable

l Fixed Assets

l General Ledger

l Payroll

l Sales and Receipts

l Purchases and Payments

AccountsPayable

Accounts Payable or the Purchase Ledger may have less auditsignificance as suppliers normally raise any problems. However, it isoften important for you to establish that liabilities are not understatedor suppressed.

Many tests relate to supplier master file details. This often resides in adifferent file from the detailed ledger items.

IDEA can help in several ways with the following Accounts Payabletests:

Accounts Payable Tests:

Calculations l Cast (total) the file. It is often best to separatedebit and credit balances (use Field Statistics).

l Summarize invoices by supplier to proveindividual balances.

Analyses l Select and report details of various types ofaccounts and compare with turnover.

l Stratify suppliers by turnover.

l Stratify supplier balances.

l Summarize balances by currency.

Section 2: General Financial Audit Use

15

Accounts Payable Tests:

Exceptions l Identify:

l Debit balances.

l Unusual transactions.

l Old invoices.

l Total liabilities for goods received andnot yet invoiced.

l Items with dates or references out ofrange (cut-off).

Matches andcomparisons

l Match subsequent period payments againstperiod and balances to identify unmatchedpayments.

l Compare the master file at two dates toidentify new suppliers.

Gaps andduplicates

l Test for:

l Duplicate invoice numbers.

l Gaps in invoice numbers.

l Duplicate bank account details.


16

AccountsReceivable

Tests of Accounts Receivable or the Sales Ledger are usually ofvalidity. Items of particular concern are old invoices, unmatched cash,and large balances, particularly where customers are in financialdifficulty. You can find these with exception tests. External auditorsmay wish to perform a circularization by choosing the requiredbalances and exporting to a word processor mail merge facility.

Addresses are normally held in a master file separate to thetransactions. However, Accounts Receivable data is often obtained byrequesting statements as a Print Report and reading it into IDEA. Caremust be taken to ensure statements have been produced for allaccounts.

Typical Accounts Receivable Tests

Calculations l Cast (or total) the file. It often pays to separateout debits and credits.

l Produce an aged debt analysis. Consider how todeal with unallocated cash and credit notes.IDEA, by default, ages these on their daterather than allocating against oldest item or anyother treatment. It is often worthwhile splittingthe file into invoices, unallocated cash (forexample, using multiple extractions), and thenaging the individual files.

l Revalue foreign debts.

l Check transaction totals to the balance on eachaccount.

Analyses l Profile debtors using stratification to see howmany large debts there are and what proportionof value is in the larger items.


17

Typical Accounts Receivable Tests


l Old items; for example, greater thanthree months old

l Large balances either in their own right orcompared to turnover

l Unmatched cash or credits

l Part payments of debts

l Invalid transaction types

l Customer addresses which are "care of"or flagged not to be sent out

l Select accounts for which no movements havebeen recorded in a set time.

l Report credit balances.

l Compare balances with credit limits and reportexceptions; for example, accounts withbalances in excess of their credit limits oraccounts with no credit limits.

l Test for items with dispatch dates or numbersoutside the expected range.

Gaps andduplicates

l Test for duplicate invoices (both invoice numberand customer/value).

Matching l Compare the balance on an account with itsturnover.

Sampling l Select samples (random or specific) forfunctional testing and circularization (andproduce circularization letters).


18

Fixed Assets Fixed Asset registers vary in the detail of information and volume ofrecords. In organizations with significant volumes of machinery IDEAcan scan for problem items. Property-based registers with significantdetail are also worth examining.

Common Fixed Asses Tests

Calculations l Cast (total) the file providing separate totals forcost, depreciation, and net book values.

l Recalculate depreciation figures.

l Prove totals of additions and disposals andrecalculate profits or losses on disposal.

Exceptions l Identify items with a large net book value.

l Supply details of where the depreciation rate isunusual.

l Test for dates being in the appropriate period.

l Identify assets transferred or acquired fromgroup companies.

l Provide information for tax purposes.

l Identify items with zero or negative cost anditems where depreciation exceeds cost.

l Identify items where description does not matchcoding.

Duplicates l Monetary Unit or Random samples for physicalverification or checking additions.

Sampling

General Ledger General or Nominal Ledgers contain balances for each accounttogether with the transaction history and various references anddescriptions. Usually balances and transactions are held in differentfiles, but you can prove the closing balances by summarizing thetransactions and opening balances.

Consider if budget and previous period data is available and useful forcomparisons and exception tests. Transaction data should includesources, dates, accounting month, transaction references, and postingreferences. Sophisticated ledgers hold each individual posting to allowenquiries, analyses, and drilldown. If only summary posting totals areheld, then the use of IDEA is limited. It is important to fullyunderstand coding structures.

Interrogations on General Ledgers can also be useful as a source ofinformation when auditing other areas, product profitability, branchperformance, and expenses.


19

Common General Ledger Tests

Calculations l Cast (total) the balances to ensure they balanceto zero.

Some ledgers include memo amountswhich you may need to exclude.

l Total (or summarize) transactions by account toprove the trial balance.

l Re-perform automatic allocations overaccounts.

l Re-perform account summarization formanagement accounts, financial accounts, orconsolidation.

Analyses l Compare balances with previous periods,budgets, or management accounts to showvariances and fluctuations.

l Provide totals of entries generated by differentsources, such as purchase sales ledger, orjournal vouchers, to show the volume andvalue.

Exceptions l Test for transactions with dates outside theposting month or year (cut-off).

l Test for duplicate postings.

l Provide detailed analysis of selected accounts.

Sampling l Provide samples of postings for verification (thesample could be random, exception-based, orspecified entries).

l Stratified Random Sampling is often appropriatefor General Ledgers as there are often differentvalues and risks associated with different typesof items. Alternatively, the transaction file canbe split into different types, such as sales andpurchases, using multiple extractions so thateach type can be tested/analyzed appropriately.

Some General Ledgers hold non-financial data, such as employeenumbers, for use in management reporting and apportioning of costs.You can identify them by their code type, and then exclude them fromthe calculation of the trial balance.


20

Payroll Payroll is one of the traditional audit areas applicable to mostorganizations and an excellent area to use IDEA. The main objective isvalidity and tests of existence of employee and correctness of pay.There are many regulations and taxes associated with payroll andcompliance with these can be checked. Some tests are based onidentification numbers.

Common Payroll Tests

Calculations l Cast (total) Gross Pay, Net Pay, Deductions andany other value fields.

l Calculate Gross Pay and Net Pay.

Analyses l Salaries by department and grade

l Profile employee ages and years of service toassist in forward planning

l Advise allowances by type

l Exception tests

l Large salaries

l Reasonableness of:

l Tax code

l Pay/grade comparison

l Hours worked

l Sickness taken

l Holiday taken

l Date of birth

l Identify bonuses and other allowances.

Gaps andduplicates

l Duplicate employees (identification numbers)on payroll file.

l Duplicate bank account details.


l Comparison of payroll file at two dates todetermine whether recorded starters andleavers (hires and terminations) and changes inpay are as expected.

l Join the payroll transactions file to the payrollmaster to determine if there are ''ghost''employees on the payroll.

See also Payroll Frauds.


21

Sales andReceipts

The main concerns in sales are completeness of recordedtransactions, correct pricing and the calculation of commissions.Credit checking may be important and, if significant, credit notes areworth checking.

Generally a sales history file should be available although on somesystems, transactions are archived monthly. In these cases, you needto make arrangements to copy and save the file each month. You canthen use the Append Databases task in IDEA to create an annual file(or whatever period is required) from the archived files.

It is normally worthwhile conducting some analyses of sales byappropriate headings and then using exception testing.

Common Sales and Receipts Tests

Calculations l Reproduce sales summaries and posting totals.

l Test pricing and discount calculations oninvoices.

Analyses l Analyze sales by area, salesperson, or month.

l Summarize receipts by type.

l Produce analytical review information on salesby value band.

l Summarize cash receipts by the account codedistribution for reconciliation to General Ledgerpostings.

Exceptions l Sales value higher than usual for item type

l Sales prices less than expected for product typeor large discount given

l Large credit notes

Gaps andduplicates

l Missing sales invoice and dispatch note numbers

l Duplicate invoices (either duplicate invoicenumber, dispatch number or customer anddetail/amount)

Cross-matching

l Match cash receipts to receipts posted to thedebtors ledger.

l Identify any unmatched records.

Sampling l Random or Monetary Unit samples ofsales/credit notes

l Samples of customers


22

Purchases andPayments

Purchases is one of the major areas of success with IDEA. The mainobjective is to check for the validity of items. This encompassessuppliers overpricing, invalid invoices, frauds of various types,accidental duplication and simply picking up expenses out of control.

Before embarking on all the various tests, it pays to conduct an initialanalysis of types and a profile of values. The fraud tests are listedseparately. See also Accounts Payable (Purchases Ledger) tests.

Common Purchases and Payments Tests

Calculations l Reproduce purchase analysis and posting totals.

l Recalculate the total of cash payments.

l Summarize cash payments by the respectiveaccount distribution for reconciliation to thegeneral ledger posting.

Anayses l Analyze purchase or payments by value bandsand identify unusual trends. Test for invoicesplitting, particularly below authorization levels.

l Summarize by the type of payment (forexample, regular supplier, one-off, cheque, andelectronic transfer).

Exceptions l Produce exception reports of large items,possibly with an exception limit determined bythe type of item, such as the General Ledgercode.

l Test for valid VAT numbers (Europe only).

l Identify:

l Major suppliers

l Debit notes and journals

l Capital items below minimum limits

l Revenue items above capitalization limits

Gaps andduplicates

l Test for:

l Duplicate invoices/payments (either oninternal invoice number, external invoicenumber, supplier/amount, purchase ordernumber or combination)

l Duplicate supplier details on the masterfile

l Missing Goods Received Notes (GRNs)


23

Common Purchases and Payments Tests

Cross-matching

l Cross-match payees on cheques with theemployee file.

l Cross-check bank account details withemployee files.

Sampling l Sample of invoices or suppliers


24

Specific Industry Tests

As well as the general uses of IDEA , there are specific uses in eachmarket or business sector as well as other uses such as fraud testing,computer security, and management accounting.

l Banks and financial institutions

l Bank account numbers

l Public sector

l Inventories

l Insurance companies

l Manufacturing companies

l Retailing organizations

Banks andFinancialInstitutions

IDEA is useful on most areas of banking, including current accounts,personal and corporate lending, treasury functions and investmentaccounts. The usual guidelines on volume and depth apply. However,in some banking systems the volume of transactions can be too greatto download to a computer. It may be appropriate to download asegment of the data or a selected number of fields, using one ofIDEA's Sampling tasks.

Test that cover a variety of account types

Calculationsandanalyses

l Cast (or total) the ledgers, account balances,and accrued interest.

l Perform interest calculations.

l Check calculation of bank charges.

l Reprove arrears calculations and reporting(loans).

l Prove interest capitalization.

Section 2: Specific Industry Tests

25

Test that cover a variety of account types


l Accounts with missing standing data

l Invalid or unusual standing data

l Dormant accounts and transactions onthem

l Accounts with statement suppression

l Staff loans

l Large loans

l Loan balances greater than the originaladvance

l Negative balances

l Forward-dated transactions

l Overdue maturities

l Customers over their overdraft limit orcustomers with expired accounts

l Check charges are being raised whereappropriate.

l Test for unusual interest rates.

l Provide totals of forward-dated transactions.

l Perform currency conversion.

l Provide details of currency exposure.

Other useful tests include stratifying interest ratesagainst each risk rating. Generally, higher risk loansshould bear a higher rate of interest. The analysisfollowed by exception testing can pick up anomaliesor branches/individuals who are either risky orparticularly prudent in their lending.


l Multiple loans to the same address (by settingup a key) based on the address and usingduplicates test.

l Match addresses of loans to employeeaddresses.

l Compare balances at different periods toidentify movements.

It is often useful to test the format of bank account numbers.


26

Bank AccountNumbers

Bank account numbers often have a fixed format. You can thereforecheck numbers to ensure they conform to the valid format.

A bank account number is only unique to a particular bank, thereforeyou must always include the bank sort code (identifying the bank andbranch) when testing for valid (or duplicate) accounts. Additionally,you must also test clearing accounts, if used (very common within theUnited Kingdom).

Bank Account Formats in Canada

Bank account numbers in Canada take the following form:

l Transit number: 12345

l Bank number: 123

l Account number: 1234567

Bank Account Formats in the United Kingdom

The bank sort code is a six-digit number, usually grouped into threepairs of digits and separated by ''-''.

The actual bank account number is usually a six to eight-digit number.

l Bank sort code: 30-20-30

l Bank account: 12345678

Bank Account Formats in the United States

l Federal Bank Routing: 1110-01150

l Bank account: 9999-1234567

where 9999 identifies the bank and branch

1234567 is the account number.

VAT Numbers (United Kingdom Only)

Value Added Tax (VAT) is a tax on the final consumption of certaingoods and services in the United Kingdom. It is collected at everystage of production and distribution. Subject to certain rules andexemptions, business are required to register for a VAT number inorder to collect and submit this tax.

A complex algorithm is used to calculate the check-digits for valid VATnumbers. Often fraudsters process invoices with invalid VAT numbers,as this algorithm is relatively unknown outside the accountingprofession. The UK VAT number is a nine-digit number. Groups ofdigits are often separated by spaces or other punctuation forreadability purposes.

For example, a valid number is 232 1462 05.


27

The algorithm only applies to the digits within the number, thereforeany punctuation and spaces should first be removed using @Strip. Thelast two digits are the check digit, and should be extracted to aseparate field using @Mid.

The check digit is calculated as follows:

Multiply the first 7 digits in turn by 8,7,6 .... 2, and then add up thetotals as follows:

VAT No Multiplier Check

2 x 8 = 16

3 x 7 = 21

2 x 6 = 12

1 x 5 = 5

4 x 4 = 16

6 x 3 = 18

2 x 2 = 4

92

In IDEA, each component can be calculated using a Virtual field, suchas @Mid(field,1,1) * 8 for the first digit, @Mid(field,2,1) * 7 for thesecond digit, etc.

Calculate the modulus 97 of the total. For example, keep subtracting97 until a negative value is reached. In the above example:

92 - 97 = -05

If the first subtraction did not yield a negative remainder, continuesubtracting 97.

Take the absolute value of the calculated check digit. Use @Abs inIDEA.

The following will calculate the check digit (in Equation Editor, youmust click the MOD button to insert the % sign):

@Abs(TOTAL%97 - 97)

Extract any records where there are differences between the actualand calculated check digits.


28

Public Sector Government systems often relate to the payment of benefits, grants,and assistance to individuals and organizations. The tests with IDEAtend to be specific to the particular system (which is often unique), butthere are some general categories:

l Benefits

l Taxes

l Housing Rents

l Identification Numbers

Benefits

The key tests on benefit systems are tests of validity using exceptiontesting and cross-matching.

Common Benefits Tests

Calculations l Agree the totals of benefits paid and due tosummary reports.

l Reconcile awards to the ledger accounts.

l Reprove the benefit, grant calculation, etc.,identifying exceptions.

Analyses l Benefits paid, including the average, minimum,and maximum

l Stratification of allowances and rebates

l Award and component grants/allowances,identifying particularly large or unusualamounts

l Claimants by age, identifying particularlyold/young as appropriate

Exceptions l Create an exception report of high benefits andthose out of range.

l Identify benefits paid on void/empty/deceasedcases.

l Identify offsets or recoveries exceedingbenefits paid.

l Ensure correct allowances are awarded.

l Check validity of identification documents.


29

Common Benefits Tests

Gaps andduplicates

Test for duplicate claims using:

l Address

l Surname and initials

l Surname and date of birth

l Identification numbers, for example, SocialInsurance, Social Security, National InsuranceNumber

Cross-matching

l The benefits file to the employees' payroll fileusing the address, postal code (or ZIP code), orbank account details.

l The benefit beneficiary name with names onother benefit systems, the electoral system, orcentral register

l Addresses with property registers (whereavailable) to ensure a valid address has beengiven

l With other awards and departments

l Bank account details/addresses with employeepayroll

There may be certain legal considerationsin different countries on whether cross-matching between systems is allowed.


30

Taxes

Another major area for government work is in auditing the varioustaxes collected at local and national levels. Tests are often veryspecific to the departments concerned, but there are some generalpoints:

Tests

Calculations l Proof of year-end balances and assessment ofthe arrears position.

l Calculation of tax is within feasible boundaries.

Analyses l Age analysis of arrears and split between typeof charge.

l Analyze write-offs and refunds.

Exceptions l Test of validity of charge raised.

l Identify large write-offs and refunds.

l Check validity of reference numbers.

Cross-matching

l Property-based taxes - cross-check to propertyregister (if possible) to ensure a charge hasbeen raised for each property.

l Check expenses claimed by one organization tiein to declared revenue of supplier.

Housing Rents

A specific set of tests for those organizations with rent ledgers are:

Tests

Calculations l Reconcile housing rents received to ledgeraccounts, including voids, service charges, andparking.

Analyses l Analyze rents received, including the size andprofile of rents.

l Analyze rent controls (where applicable)

l Age analysis and profile of arrears.

l Proof of year-end arrears listing.

l Estimate/assess the adequacy of provisionagainst outstanding rents.

Exceptions l Identify unlet or void properties.

l Test validity of property details for blanks orimplausible values.


31

Social Insurance, Social Security, National Insurance or Iden-tity Numbers

Social Insurance, Social Security, National Insurance or IdentityNumbers are unique to a person and are therefore an excellent meansof testing the validity of items on a payroll, personnel, or benefitssystem. You should always carry out a test for duplicate numbers onsuch systems.

These numbers generally have a fixed format. In some countriesthere is an algorithm for checking the validity of the number.However, such algorithms are rarely publicized as they may lead tothe creation of numbers for fraudulent use. If you know the algorithm,you can use IDEA to check the validity of numbers on the file,otherwise you can check the format of the number to ensure itconforms to a set pattern. See Testing the Format of a Number.

Additionally, you can also identify missing or temporary numbers. Youshould follow up on temporary numbers to ensure there is a validreason for its use.

IdentificationNumber

Country Format

SocialInsuranceNumber

Canada The format of the Social InsuranceNumber is 999 999 999 where 9 is anydigit (0-9).

NationalInsuranceNumber

UnitedKingdom

l The format of the NationalInsurance number is:

l XY999999Z where X and Yare any character, 999999 isany digit (0-9) and Z is thequartile character withvalues A,B,C or D.

l Temporary numbers have theformat TN999999X (The quartilecharacter is usually an X.)

Social SecurityNumber

UnitedStates

The format of the Social Securitynumber is 999-99-9999 where 9 is anydigit (0-9).


32

Inventories(Stocks) andWork-in-Progress

There is normally a master or balances file that contains details ofinventory holdings at a particular date. Costs may be held in aseparate file. Transaction history can be particularly useful althoughfile sizes are often quite large. You normally have to pick up sellingprices from a separate file.

Common Inventories (Stocks) and Work-in-Progress Tests

Calculations l Cast (or total) the file, providing sub-totals ofthe categories of inventory.

l Re-perform any calculations involved inarriving at the final stock quantities and values.

l Re-perform material and labour costcalculations on assembled items.

Analyses l Age stock by date of receipt.

l Compute the number of months stock of eachitem held based on either sales or purchases.Produce a summary of this information.

l Stratify balances by value bands.

Exceptions l Identify and total stock held in excess ofmaximum and minimum stock levels.

l Identify and total obsolete or damaged stock.

l Identify any items with excessive or negligibleselling or cost prices.

l Identify differences arising from physical stockcounts.

l Test for movements with dates or referencenumbers not in the correct period (cut-off).

l Identify balances which include unusual items,such as adjustments.

l Identify work in progress which has been openfor an unreasonable period.

l Identify stock acquired from group companies.

Gaps andduplicates

l Test for missing stock ticket and transactionnumbers.

l Identify duplicate stock items.


l Compare files at two dates to identify new ordeleted stock lines or to identify significantfluctuations in cost or selling price.

l Compare cost and selling price and identifyitems where cost exceeds net realizable value.


33

InsuranceCompanies

The main transaction streams are premiums and claims althoughthere are special areas such as re-insurance where you can use IDEAsuccessfully.

Insurance Premiums

The main tests are concerned with ensuring all premiums are raisedand the correct rate is used. However, analyses of risk and exceptiontests of old or forward-dated items are useful.

Common Insurance Premiums Tests

Calculations l Recalculate premiums.

l Prove posting totals.

Analyses l Stratify premiums by size and product type.

l Summarize new business by agent or area.

l Summarize debts by agent.

Exceptions l Extract old premiums due on policies whichhave not been lapsed.

l Identify policies which have been cancelledsoon after inception.

l Identify policies with initial discounts that havethen been lapsed and credited.

l Extract negative debts.

l Identify unallocated cash.

l Extract policies with blank or invalid policynumbers.

l Identify policy premiums which have only beenpartly paid.

l Direct debits which have not been collected.


34

Insurance Claims

Claims is a classic payments area. There is usually a considerableanalysis available as claims can be matched back to policy details andthere are usually various claim types, reason codes, and risk codes.

Common Insurance Claims Tests

Calculations l Cast (or total) outstanding claims.

l Prove posting totals.

Analyses l Analyze by month and type, and calculateaverage values.

l Group claims by product type.

l Matrix analyze date of incident to date claimreported as part of assessing claims incurredbut not recorded.

Exceptions l Identify high value claims.

l Identify claims with no movement in the last sixmonths (some claims get reported but querieson the claim are not responded to leaving oldexpired claims on the system).

l Identify negative balances (recoveries).

Gaps andduplicates

l Check for duplicate claims (same policy numberand either same amount or same date ofincident).

l Check for multiple claims on the same policy(some policy holders are particularly unlucky,however others make a business out of claimingmore than once for an incident. This can bepicked up by testing for claims with the sameamount or same date of incident).

There are also a number of tests cross-matching between files.Starting from the basic test of the existence of a policy in the sametime period as the claim to checking details between claims andpolicies. It may be worthwhile to see how many new policiesexperience claims shortly after inception.

ManufacturingCompanies

Manufacturing companies have many of the standard ledgers, andpurchasing and payroll can be key concerns (see General FinancialAudit Use). However, the main business areas are Inventories(Stocks) and Work-in-Progress.


35

RetailingOrganizations

Retailers have many of the standard ledgers. Purchasing and payrollcan be key concerns. However the main business areas are sales andinventories. Retailers often have point-of-sale systems which collectlarge volumes of useful data which IDEA can analyze.

The main tests on inventories are similar to manufacturing companieswith perhaps more emphasis on movement, margins, and shrinkage.Additional tests include:

l Gross profit analyses

l Items past their shelf life

l Comparisons between stores on holdings and inventory turnoverper product line

l Price adjustment transactions


36

Fraud Investigations

You can use IDEA to identify or assist in identifying unusual andsuspect transactions as part of a fraud investigation.

You can use IDEA on copies of the files without alerting those undersuspicion and can build up evidence to prove what has occurred.However, it should be noted that there can be problems in submittingcomputer records as evidence to a court. Hence, expert advice shouldbe sought if information from IDEA needs to be submitted.

Common areas of fraud testing with IDEA are:

l Purchase frauds

l Payroll frauds

l Banking frauds

l Auditing telephone logs/accounts

Purchase Frauds Purchase fraud is probably the most common type of fraud in anorganization. It may be the simple submission of a dummy invoice,the re-use of another valid invoice, the withholding of a credit note, ora more complex arrangement. Many frauds involve the manipulationof the payments information on personal accounts within the AccountsPayable system.

Many purchasing systems are complex with automatic re-ordering sothat once a supplier has been set-up and/or a requisition input,payment is processed automatically.

You can use IDEA on a number of files: supplier master, purchaseledger, payments history, or purchase invoices. It depends on thesystem, the available data and the nature of possible frauds as towhich test is best, however some examples are:

Section 2: Fraud Investigations

37

Tests

Purchases Usually, you need both the transaction and master files.The supplier master file contains names and addressesand usually additional information such as contacttelephone numbers, bank account details, andalternative addresses which you require in this type ofwork.

l Using the first five or six characters of the name,match (use Join Databases) supplier namesagainst a list of employee surnames from apayroll or personnel file (use combinations ofpurchases file @Upper, @AllTrim, @Ltrim, @Isin,@Mid, @Soundex, and @Strip @Functions).

l (Europe only) Test for accounts without VATnumbers, duplicate VAT numbers, or VATnumbers where the cheque digit is incorrect.(Generally, fraudulent accounts do not have validVAT numbers and use either someone else's or adummy number).

l For organizations which are eligible to reclaimVAT on specific items (or from specific suppliers),ensure that the correct amount of VAT is beingreclaimed.

l Examine purchase ledger transactions for entriesat or just below the approval level of managers. Ifthe computer system captures the approvingauthority for a transaction, examine the valuedistribution for each manager.

l Examine to see if amounts are being approved ator just below, break points in authority level by avalue distribution across the whole ledger. Ifapproval authority is not directly available,perform subsidiary analysis by types of supplieror approving department.

l Look for split invoices to enable approval to bekept by an individual. Extract all invoices within90 percent of an approved limit (preferably for asuspected manager or department) and search forall invoices from that supplier. Index byapproving manager, department and date toidentify possible split invoices or summarizepayments by invoice number to determine howmany part-payments have been made for eachinvoice.

l Test for duplicate invoices using value andsupplier code as the key fields for one test andpurchase order number for another. The secondprocessing of invoices can be used to establish avalue on the P/L to make a fraudulent payment.(This picks up accidental duplication).


38

Tests

Payments l Search the payments file for payees without''Inc'', ''plc'', ''Ltd'' etc. in their names to identifypayments to individuals using @Isin).

l Stratify the size of payments and extract anyexceptionally high payments.

l If payments are made by electronic transfersextract lists of bank codes and account numbersfrom both the P/L payments files and the payroll.Compare to see if any accounts match.

l Identify the number and value of purchasejournals, particularly those transferring amountsinto minor accounts.


39

Payroll Frauds Payroll frauds are one of the most common types of fraud committed.Often a fictitious or ''ghost'' employee is set up on a salary systemwith payments following automatically. This is particularly true in thecase of electronic payments into bank accounts where no chequesneed to be collected. Other common ways to defraud a payroll systemare by not removing leavers (terminations), then channelling their payinto another bank account, or by submitting excessive overtime,expense, or allowance claims.

In most cases payroll frauds are found by accident, perhaps a queryby the revenue authorities or a colleague who notices somethingsuspicious. You can use IDEA on a regular basis to analyze paymentslooking for unusual items, matching payments to the payroll masterfile ensuring correct rates, allowances and deductions are applied andidentifying any ''ghost'' employees or duplicate payments.

Most payroll files have a master file with cumulative totals and staticdata which you should access. Additionally, you need the payrolltransactions file to conduct a full investigation of payments.

Common Payroll Frauds Tests

Duplicates l Test for duplicate employees on the entire payrollfile (appending or joining payroll files ifnecessary), using the employees' SocialInsurance, Social Security or National InsuranceNumbers as a unique employee identifier.

l Check for duplicate bank accounts. This test mayreport family accounts where more than onemember of a family is employed by theorganization. However, these can be eliminatedfrom the list of duplicates leaving the fraudulentitems.

Cross-matches

l Match master information from the payroll filewith the organization's personnel file todetermine whether there are ''ghost'' employeeson the payroll.

l Compare the payroll file at two dates, forexample the beginning and the end of a month, todetermine whether recorded starters and leavers(hires and terminations) are as expected and ifany employees have received unusually largesalary increases.


40

Common Payroll Frauds Tests

Exceptions l Ensure each employee's salary is between theminimum and maximum for his/her position orgrade. You should also test the reasonableness ofallowances to position or grade.

l Investigate excessive overtime and allowanceclaims to ensure there has been no over-claim.

l Compare holidays and sick leave taken to thelimits for a particular grade or position, and ifthere is a high rate of absenteeism for sicknessthis could be analyzed by department to identifyproblem areas.

l Evaluate the reasonableness of tax codes andcompare changes in tax code over a period.

See also Payroll.

Banking Frauds Bank, Savings & Loans, and Building Society systems are normallysubject to strong reconciliation controls, but controls need to be of apreventive nature to stop fraud. This is particularly the case withFunds Transfer where subsequent tests may establish how it happenedbut not stop the loss.

Other types of fraud can be on-going and identified by analysis andexception testing. This is true of:

l Dormant accounts

l Ensure accounts with no movement have been flagged asdormant.

l Identify dormant accounts with movement.

l Check transfers from dormant to staff accounts.

l Check changes of address to dormant accounts.

l Revolving loans

l Check for loans with common addresses, postal codes (orZIP codes), and names.

l Check loans advanced to staff accounts.

l Money laundering

l Identify accounts with a large average value oftransactions. It may be necessary to first convert thetransaction value to an absolute amount (use @Abs) topick out both large debit and credit transactions. (UseSummarization and then a Virtual field to divide the valueby the number of records). It is common for there to be a


41

small number of high value transactions through anaccount being used for money laundering.

l Identify matched debit and credit transactions on thesame account within a short time period. Suchtransactions would be identified through Duplicate KeyDetection using the account number and absolutetransaction value as the key.

l Search for large rounded transaction values.

l Identify multiple accounts for particular individuals.

l Identify large cash deposits.

l Test to make sure customer identification procedures arein operation by searching for missing data in key fieldssuch as:

l Date of birth

l Driver's license number

l Identification numbers

Audit TelephoneLogs/Accounts

You can audit telephone logs/accounts as part of a Value for Moneyexercise. However, testing has also proven to be very useful whenused in fraud investigations.

If a call logging system is used, you can probably access the log file inelectronic format either using a copy of the log file (if in a simpleformat) or through printing the log report to disk and then importing itusing Print Report files (Report Reader for IDEA) in the ImportAssistant.

You can obtain electronic versions of telephone accounts from mosttelephone companies, usually on diskette (but there may be acharge).

Common Logs/Accounts Tests

Calculations l Verify the total cost of the calls and number ofcalls to the total account charge.

Analyses l Summarize number of calls and cost by externaltelephone number.

l Stratify time and costs for both the detailed andsummarized files.

l Summarize time and cost by caller.


42

Common Logs/Accounts Tests

Exceptions l Extract:

l High value calls on both the detailed andsummary files

l High frequency call numbers

l Overseas calls

l Calls to premium service numbers, suchas chat lines and directory enquiries

l Calls made outside normal working hours

l Calls made on weekends (using @Dow or@Workday)

l Exceptions by caller

l Fax and modem calls

l High value calls made from unusualnumbers, such as conference/meetingrooms.

Cross-matching

l Extract calls to ''blacklisted'' numbers. (If a listof such numbers is kept the items can beidentified using Join Databases with Matchesonly selected).

l Match against a database (from personnel) ofhome phone numbers.

l Compare/match monthly files to identify highfrequency ''new'' call numbers.

Section 2: Computer Security

43

Computer Security

IDEA has been used with particular success in conducting securityaudits. Normally on a security audit the various controls over accessare evaluated, the types of journals and logs which are kept areconsidered, and the way the system is administered and monitored isassessed. To complement these theoretical evaluations, a much moresubstantive approach to checking security can be conducted usingIDEA.

System level commands are used to create files containing data, suchas systems logs, access permissions, and directory structures, andthese files are then imported into IDEA. You can then carry out varioustests to determine if security is adequate.

The three major areas to use IDEA in auditing and analyzing are:

l System logs

l File lists

l Access rights

System Logs When auditing system logs, you may wish to:

l List:

l Accesses outside standard office hours or duringholiday/sick leave

l All users with their normal computers

l All computers with their normal users

l Users on unusual computers

l Identify users, particularly those with supervisory rights whoare logged on for long periods of time.

l Analyze by user - identify those with higher use than mightreasonably be expected.

l Summarize by network address to identify.

l Summarize charges by user to determine resource utilization.

l Analyze utilization by period, such as daily, weekly, andmonthly, to show historical trends.


44

File Lists When performing auditing tests in regards to computer security, youmay wish to:

l List duplicate names (both software for multiple copies and datawhere there is a risk of accidental deletion).

l Identify old files.

l Analyze by directory.

l Analyze file sizes by owner.

l Identify last access dates for old files.

l Analyze file type (by file name extension).

l Identify all files without an owner, such as where user accountshave been removed from the system.

l Test for .com, .exe or .bat files in areas where there should notbe programs on DOS/Windows systems.

Access Rights In regards to access rights, you might decide to audit:

l Lists of:

l Accounts with passwords not set or not required foraccess

l Group memberships

l Accounts with:

l Short access passwords (less than the recommended sixcharacters)

l No activity in the last six months

l Access to key directories

l Supervisor status

l Equivalence to users with high level access, such assupervisory equivalence

l Aging of password changes

Section 2: Management Accounting

45

Management Accounting

IDEA is generally considered an audit tool. However, managementaccountants often use it for reporting and ad hoc investigations.

Many systems come with their own report generators or query tools.However, sometimes they are limited in their functionality, aredifficult to use, or in some cases do not exist.

Most work with IDEA is analysis or exception testing.

ManagementAccountingAnalysis Work

The following is a list of some of the work you might complete whenperforming management accounting analysis:

l Calculation of ratios on a line-by-line or summary basis.

l Summarization of items by customer or supplier followed by aranking in order of value.

l Calculation of response days and stratification of results andexception report of longest.

l Profile of population (for example, Accounts Receivable) invalue bands.

l Calculation of inventory provision.

l Analysis of profitability of each product line or grouping.

ManagementAccountException Tests

When performing exception tests on management accounting, youmay wish to:

l Search for payments to individuals.

l Identify un-costed items.

l Search for items with high or low profit margins.

Section 3

Plan the Use of IDEA

The main steps to using IDEA in an audit are:

l Determine Whether IDEA is Appropriate for the Audit

l Outline Your Objectives

l Determine Data Requirements

l Review and Housekeeping


48

Determine Whether IDEA is Appropriate for theAudit

You can judge the likely benefits from using IDEA from the auditobjectives and expected problems, as well as the volume and width ofdata. Additional consideration should be given to the usefulness ofadditional analyses over what is currently provided by the system andwhether any special factors apply, such as fraud detection andinvestigation, Value For Money audits (in obtaining performancestatistics), and special investigations.

Costs are largely determined by the download. There is some time inactually performing the IDEA tests although this is not normallysignificant. It is also usual that far more ''exceptional'' items andqueries are identified when using IDEA than other methods and thesemay require follow up time. Alternatively, these items may be givento management to follow up on.

The use of IDEA may replace other tests and give an overall timesaving. Alternatively, the reason for using IDEA may be to add to thescope, in which case the extra costs should be defined. Clearly thecost of using IDEA must be balanced against the benefits.

Key Objectives IDEA is most useful when there is a problem to solve on an audit. Itmay be assessing the extent of bad loans, debts or inventoryprovisions, looking at performance in collecting cash or simplyspeeding up the time to prove calculations.

IDEA is used generally for substantive testing. If you need todetermine if items are in error, quantify a problem, or identify certainitems, then you should use IDEA. IDEA does not normally help withchecking procedures although it may be inferred that if there are noerrors then the procedures must be working. You can use IDEA forcompliance testing when checking computer-based controls where itmay be possible to perform edit checks, matching, and othercomputer based procedures.

Volume In general terms, IDEA is more appropriate with a large volume ofsmall value transactions. The greater the volume of data the moreuseful IDEA is for investigation. If there are less than a few hundredrecords, then IDEA is unlikely to give much benefit over manual work.For large files, say over 1,000,000 records, then a calculation of therequired disk size should be made, such as the number of recordsmultiplied by the approximate space each record takes. IDEA can beused on files with tens of millions of records but a fast computer withlarge disk will be essential.

The amount of data held on each item also makes a difference to thepotential benefit of using IDEA. Items with full history andcomprehensive detail allow a wide variety of tests. If only the

Section 3: Determine Whether IDEA is Appropriate for the Audit

49

sparsest information is held, then IDEA is restrained to some simplecalculation, analysis and sampling.

Ease ofDownload

If there is a major cost in using IDEA then it is likely to be incurredwhen downloading the data. You must transfer the data from the hostcomputer to the computer running IDEA or onto a network serveraccessible by the auditor's computer. This may be quite simple andonly take a few minutes or it may be more complex and involve aquery or report being written. It may also require the use ofequipment to convert data or to read a particular tape or cartridgeformat. If a bureau or agency is used they may charge for theirservices. Some technical assistance may be required and this may becharged.

Please refer to the IDEA book Auditors' Guide to Downloading Data formore information on downloading.

Once you have set up and used a downloading method for a particularsystem or computer, subsequent downloads are usuallystraightforward and the costs (if any) are known. However, the firsttime you need to make an estimate of time and costs.


50

Audit Objectives

In routine audits, you can use IDEA to meet the following objectives:

l Mechanical accuracy

l Analytical review

l Exception testing

l Cross-checking

l Duplicates testing

l Completeness

l Cut-off

l Other audit objectives

l Audit sampling

MechanicalAccuracy

IDEA is excellent for proving calculations.

To total the file, use Field Statistics.

You can check calculations by using the Append button on the FieldManipulation dialog box to create a calculation of the item.

Alternatively, use an exception test of miscalculations using DirectExtraction.

The accuracy of any management reports may involve a wider use ofoptions to achieve the result of reproducing the report. In these casesa series of the Join Databases and/or Summarization tasks, or theAging task in the case of aged debt analyses, may be necessary.

AnalyticalReview

IDEA can help with the preparation of figures for an analytical review.In particular, it can generate analyses which would not otherwise beavailable. Stratification provides a profile of the population in valuebands, groups of codes, or dates. This is particularly useful whenauditing assets such as debtors, inventories, loans, or for abreakdown of transactions. Additionally, you can summarize theinformation by trends, if you require graphical analysis by particularcodes or sub-codes. You can also compare figures against previousyears to determine when the file should be output to a spreadsheet(either use Copy and then paste the information or Export, then choseeither Microsoft Excel, or dBASE format which most spreadsheetpackages can read).

Section 3: Audit Objectives

51

ExceptionTesting

You can use exception testing to identify unusual or strange items.These may simply be large items, or where the relationship betweentwo pieces of information on an item do not correlate. You can alsocheck many fields of information for allowable values (for example,standard fees). To perform these tests, use Direct Extraction.

Cross-Checking One of the common ways to test the validity of an item is to cross-check it against some other information. For example, checkingaddresses or bank details of employees against those on AccountsPayable files to see if any employees were also purporting to besuppliers. You can carry out these tests by importing both files andthen using Join Databases.

Duplicates Duplicates testing can be very effective in certain circumstances, suchas testing payments or looking for double input of ticket numbersduring inventory counts.

It may be necessary to join two files together first in order to performa validity test, such as joining a transaction file to a master file.

It is run using Duplicate Key Detection.

Completeness The major test is for gaps. There must be a sequential number onsource documentation for this to work. You can test inventory andsales files for completeness of despatch note numbers and purchasesfiles for received numbers. It may also be appropriate to test for gapson a series of cheque numbers and for completeness of inventoryticket numbers. Another effective test for completeness is to cross-match between a master file and transactions to see if there are anyitems on the master file for which a transaction has not been raised.

Cut-Off You can test year-end ledger, inventory, or transaction files for cut-offby testing for items with dates or sequence numbers above or belowthe year end cut-off. For this test, use Direct Extraction.

Other AuditObjectives

IDEA can often provide useful information in complex areas such asprovisions and valuations by producing a number of views based on aseries of different parameters.

Taking inventory as an example, you can identify items that have notmoved in three, six, nine and 12-month bands; match against postyear-end sales to see what has not sold and net realizable valuetested on those that have; and check items in inventory last yearagainst what has not sold this year.


52

Determine Data Requirements

Once you have decided to use IDEA and defined the objectives, it isnecessary to work out what data you require. This is often a two-wayprocess in that the tests to be carried out are limited to the data that isavailable. You may require data from more than one file or computersystem.

l Find out what data is available.

l Decide what data to request.

Data Availability There are two main sources of finding out what data is stored:

l IT staff who support the system (possibly third party)

l Users who input, review, and own the data

Systems documentation describes, in theory, what should be held, butin practice fields may be used for a different purpose or not at all. Forexample, it is no use designing a test based on date of birth to thenfind that the users do not bother entering dates of birth, hence, it isessential to research what data is available by discussing andrequesting file layouts (also known as file or record definitions,schemas, or data dictionaries).

Data Request In determining which data to obtain, it may be easier to request andimport all fields. However, in some cases this may result in large filesizes and be time consuming to define all the fields when importingthe file into IDEA. Further, in using IDEA there are a number of placeswhere it is necessary to select fields. The more fields there are, thelonger it takes for you to select the correct fields.

Therefore, it may be better to be selective, ignoring blank fields andunnecessary information. At the same time, do not omit keyinformation.

Areas to consider include:

Area

Addresses You can use addresses to perform ''fuzzy matching'',such as checking if any supplier addresses are thesame as employee addresses. You may needaddresses for circularization purposes. However,addresses take up a considerable amount of space. Itmay be possible to include only the first portion of anaddress.

Section 3: Determine Data Requirements

53

Area

References All fields with reference numbers should be picked up.These are likely to be needed for any joins to otherfiles and are good for gaps and duplicates tests.

Flags andcodes

It is important to understand what flags and codesmean. You may often need to select items based oncodes. They rarely take up much space and should beincluded.

Dates Dates are a valuable source for testing and shouldnormally be included in the request. Care must betaken to understand how dates are used by a systemand what they actually represent.

Descriptions Long descriptions can be truncated if space is short,but it is often useful to have a short description on thefinal output.

The need for other fields depends on the audit tests. If in doubt,include a field but at the end of an audit, as part of the reviewprocess; it is worthwhile noting what has been useful and what wasnot. In subsequent audits, you need to only import the necessaryfields.

Once the requested data is made available, use the Import Assistantto aid you in transferring the data into IDEA, giving it an IDEAdatabase format - IMD (ASCII) and IDM (Unicode).


54

Review and Housekeeping

You should set standards for the use of IDEA. These may vary fromorganization to organization depending on the uses IDEA is put to andthe existing procedures, style and culture of the organization.However they should include:

l Setting of objectives

l Required documentation

l Reconciliation and checks on files

l Review of work done

l Security

l Backup of work

l Housekeeping

Set Objectives The range of tests available with IDEA is so wide that you couldpotentially waste a considerable amount of time and effort onirrelevant tests if you do not set objectives. It always pays to knowwhat you want to achieve.

RequiredDocumentation

Documentation depends on an audit department's procedures butshould cover:

l Importing the file

l Objectives

l Description of the data

l A list of the test carried out perhaps with standard schedules forreconciliation, file details, and review

Reconciliationsand Checks onFiles

Most files can be agreed to known control totals. These may be recordcounts, totals of certain financial fields, or slightly more complexanalyses of certain fields. In addition, it is usually a good idea toagree each field in a selection of records to screen enquires orprintouts to check that they have been imported correctly.

Section 3: Review and Housekeeping

55

Review of WorkDone

As with any technique, you may make mistakes when using IDEA.Hence, make sure you review your work. Review procedures are oftencompliance based, checking that documentation is complete and thatreconciliations have been carried out. However, you should also checkthe actual History from each interrogation. The most common errorsare incorrect:

l Specified formulae

l Join Databases order with primary and secondary files

l Join Databases method used (there are five methods)

l Fields totaled on summarization

l Order of summarizations and extractions.

You can check all of these in true auditing fashion on a printed (orelectronic) copy of the History.

The History can be printed or saved to a file which can be edited. Youcan also add comments to your database through Comments.

Backup You should back up relevant files regularly to protect against loss ofwork. Files used by IDEA are kept in the chosen IDEA project or IDEAServer project and can be backed up in their entirety or individually.Contact your IDEA Server Administrator for information on accessingdatabase files on the server. The IDEA files have the file nameextension .imd (for ASCII) and .idm (for Unicode) and can be copiedusing any standard utility (for example, File Manager or Explorer).This includes the History, notes, and other associated files. Note thatequations, views, and script files are saved separately.

Housekeeping Once you have completed the IDEA work and backed up the requiredfiles, you can delete the client directory/folder. You can do this from autility such as Windows Explorer or File Manager.

Section 4

Managing the Use of IDEA

To get the best out of IDEA, you need to use it for an appropriatepurpose and keep to the objectives.

In managing the use of IDEA, consider the following:

l Check that the planning has identified a series of goodobjectives. These may be analysis work, exception tests,duplicates, matching, or any of the tests listed later.

l Check that work is not being duplicated. If IDEA is being usedthen it is likely that some manual work or tests can be dropped(unless IDEA is being used for new or additional exercises).

l Budget the time to be spent on using IDEA. The time to performtests and create reports is relatively brief. What can takeconsiderable time is following up the items in the report.

l IDEA can often generate a number of very useful reports formanagement. The auditee's needs should be considered and anyextra value that can be obtained taken.

l Comply with all relevant legislation. Some countries have lawsregarding the use of data, notably personal data. Care needs tobe taken that no legislation is being breached.

Documents

Auditing With IDEA - CaseWare · Contents 7 ExceptionTesting 51 Cross-Checking 51 Duplicates 51 Completeness 51 Cut-Off 51 OtherAuditObjectives 51 DetermineDataRequirements 52 DataAvailability