By N2H




IS Audit Process

June 24, 2008


Audit Objectives:

The basic purpose of an IS audit is to identify control objectives and the related controls that address them. An audit objective refers to a specific goal of the audit, and it centers on substantiating that internal controls exist to minimize business risks.

Audit process:

  • Plan: this involves assessing the risk, then developing an audit program i.e. objectives and procedures.

  • Obtain evidence:

  • Evaluate evidence: this involves evaluating the strength and weakness of controls.

  • Prepare and present report.

  • Follow up: this involves management taking corrective action.

The basic steps followed in performing an audit include:

  • Obtaining and recording an understanding of the audit area/subject.

  • Carrying out a risk assessment and a general audit plan/schedule.

  • Carrying out detailed audit planning.

  • Carrying out a preliminary review of the audit area/subject.

  • Evaluating audit areas/subject.

  • Compliance testing i.e. test of controls.

  • Substantive testing.

  • Reporting

  • Follow up

Procedures for testing and evaluating IS controls:

  • One can use generalized audit software to survey contents of data files.

  • Use of specialized software to assess parameter files.

  • Use of flowcharting techniques for documenting automated applications.

  • Use of audit reports available.

An audit program is a set of step-by-step audit procedures and instructions that should be performed to complete an audit. It is a guide to performing or documenting the various audit steps, and to the type and extent of evidential matter to be reviewed.

An audit program provides the trail of the process used and provides accountability for performance.

Audit phases: There are various phases in an audit. These are:

  • Audit subject: identify the area to be audited.

  • Audit objective: identify purpose of audit.

  • Audit Scope

  • Pre-audit planning

  • Audit procedures and steps for data gathering.

  • Procedures for evaluating the tests or reviewing results (organization specific).

  • Procedures for communication with management (organization specific)

  • Audit report preparation.


Audit Objective

An audit objective identifies the purpose of an audit, e.g. determining that source code changes occur in a well-defined and controlled manner.

Audit Scope:

An audit scope identifies the specific function, system or organizational unit to be included in the review. In the above example, you can check that source code changes occur in a well-defined and controlled manner in a single application or over a limited period of time, e.g. 3 months.
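The objective and scope above can be turned into a compliance test over an export of change records. This is an added example, not part of the original post; the CSV layout, field names, sample rows and the three control attributes checked (a change request, an independent approver, approval before deployment) are all assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export of change records (field names and values are hypothetical).
SAMPLE_CHANGES = """change_id,application,author,approver,ticket,approved_on,deployed_on
C-101,payroll,alice,bob,CR-2001,2008-03-03,2008-03-04
C-102,payroll,carol,carol,CR-2002,2008-03-10,2008-03-11
C-103,payroll,dave,,CR-2003,,2008-04-02
C-104,payroll,erin,bob,,2008-04-14,2008-04-15
C-105,payroll,alice,bob,CR-2005,2008-05-21,2008-05-20
C-106,billing,frank,,,,2008-04-01
C-107,payroll,dave,,,,2008-01-15
"""

def in_scope(row, application, start, end):
    """Audit scope: one application and a limited period (by deployment date)."""
    deployed = date.fromisoformat(row["deployed_on"])
    return row["application"] == application and start <= deployed <= end

def control_exceptions(row):
    """Compliance test: list the control attributes this change fails."""
    failed = []
    if not row["ticket"]:
        failed.append("no change request")
    if not row["approver"]:
        failed.append("no approval")
    elif row["approver"] == row["author"]:
        failed.append("self-approved")
    # ISO dates compare correctly as strings.
    if row["approved_on"] and row["approved_on"] > row["deployed_on"]:
        failed.append("approved after deployment")
    return failed

def run_compliance_test(export, application, start, end):
    """Return (population size, {change_id: [exceptions]}) for scoped changes."""
    rows = [r for r in csv.DictReader(io.StringIO(export))
            if in_scope(r, application, start, end)]
    findings = {r["change_id"]: control_exceptions(r) for r in rows}
    return len(rows), {cid: ex for cid, ex in findings.items() if ex}

if __name__ == "__main__":
    population, exceptions = run_compliance_test(
        SAMPLE_CHANGES, "payroll", date(2008, 3, 1), date(2008, 5, 31))
    print(f"{population} changes in scope, {len(exceptions)} with exceptions")
    for change_id, failed in exceptions.items():
        print(f"  {change_id}: {', '.join(failed)}")
```

The exception list is the evidence to evaluate: each flagged change is followed up against the change request and approval records before it is reported as a control weakness.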

Pre-audit planning

  • This involves identifying technical skills and resources required.

  • Identify sources of information for tests or review, e.g. functional flowcharts, procedures, policies, standards, prior audit papers.

  • Identify locations and facilities to be audited.

Audit Planning

Obtain an understanding of the client by obtaining background information about the client, obtaining information about the client’s legal obligations, and assessing the acceptability of audit risk and inherent risk.

Audit Procedures and steps for data gathering:

  • Identify and select audit approach to verify and test controls.

  • Identify individuals you want to interview.

  • Identify and obtain departmental policies, standards and guidelines for review.

  • Develop audit tools and methodology to test and verify control.

Audit report preparation:

  • Identify follow-up review procedures.

  • Identify procedures to evaluate/test operational efficiency and effectiveness.

  • Identify procedures to test controls.

  • Review and evaluate the soundness of documents, policies and procedures.

Fraud Detection

It is management’s responsibility to establish, implement and maintain a framework and design of IT controls to meet internal control objectives. A well-designed framework helps to deter fraud and enables timely detection of fraud.

When it comes to fraud:

  • IS auditors should be alert to the possibilities of opportunities that allow a fraud to materialize and should observe and exercise professional care in all aspects of their work.

  • IS auditors should have knowledge of fraud indicators and during audit work, they should be alert to possibilities of fraud and errors.

  • In case an auditor identifies a major fraud, where the risk associated with the detection is high, they should consider communicating to the audit committee.

  • When an IS auditor comes across instances of fraud, or indicators of fraud, he/she may, after careful evaluation, communicate the need for a detailed investigation to the appropriate authorities.

