IT audit training for Introduction to IT Audit
- Slides: 16
IT audit training for Introduction to IT Audit INTOSAI IT AUDIT TRAINING Session 2 March 2007 Introduction to IT Audit : S 2/ 1
IT audit training Module Objective for F March 2007 To introduce the participants to the concept of IT Audit and the processes and procedure involved in carrying out an IT Audit Introduction to IT Audit : S 2/ 2
IT audit training Module contents for F F F F March 2007 Definition and need for IT Audit Types of IT Audit process Planning for IT Audit execution Reporting and follow-up Quality assurance Use of external consultants Introduction to IT Audit : S 2/ 3
IT audit training Session Objectives for F March 2007 The objective of this session is to define IT audit and explain the types of IT audits to the trainees Introduction to IT Audit : S 2/ 4
IT audit training Definition of IT Audit for F March 2007 It Audit can broadly be defined as the “process of obtaining and evaluating evidence to determine whether an IT system safeguards organisational assets, uses resources efficiently, maintains data security and integrity and fulfils the business objectives effectively” Introduction to IT Audit : S 2/ 5
IT audit training Need for IT Audit for F Widespread use of computers in government organisations V V F March 2007 Transaction processing Financial statements Decision support functions Data mining Auditors need to consider impact of IT systems on audit methodology and techniques Introduction to IT Audit : S 2/ 6
Audit concerns relating to use of computers IT audit training for F F F March 2007 Changes in internal control environment; Reduced accountability due to anonymity of the users; Possibility of unauthorised and unrecorded amendments to the data; Absence of a visible audit trail and/or paper -based documentation; Changes in audit evidence; Introduction to IT Audit : S 2/ 7
Audit concerns relating to use of computers (contd. ) IT audit training for F F F March 2007 Possibility of duplication / non- inclusion of data; New opportunities and mechanisms for fraud and error; Distributed data storage and processing; Confidentiality and integrity of key business information; Increased risks on account of communications within and across organisations, especially the Internet; and System failures / shutdowns. Introduction to IT Audit : S 2/ 8
IT audit training Types of IT Audit for F F F F March 2007 Controls review Audit of financial systems Performance/VFM audit of IT systems Audit of developing systems Forensic audit Security audit Computer Assisted Audit Techniques (CAATs) Introduction to IT Audit : S 2/ 9
IT audit training Types of IT Audit for Controls Review F A detailed review of the manual and automated controls in an IT system, with the objective of assessing the extent of reliance that can be placed on the transactions processed and reports generated by the system March 2007 Introduction to IT Audit : S 2/ 10
IT audit training Types of IT Audit (contd. ) for Audit of financial systems F Audit of financial statements processed/ generated by an IT system, with a view to expressing an audit opinion March 2007 Introduction to IT Audit : S 2/ 11
IT audit training for Types of IT Audit (contd. ) Performance or VFM audit of IT systems F Examination of an IT system to assess whether the intended objectives of implementing the system have been achieved effectively, with due regard to economy and efficiency March 2007 Introduction to IT Audit : S 2/ 12
IT audit training Types of IT Audit (contd. ) for Audit of Developing Systems F Concurrent audit of the IT systems development process to assess whether the system planning, design and development is done in a structured fashion in a controlled environment, and in compliance with the specified methodology; F adequate and effective controls are considered at each stage of the system development process; and F the system provides for an adequate audit trail March 2007 Introduction to IT Audit : S 2/ 13
IT audit training Types of IT Audit (contd. ) for Forensic audit F In cases of suspected fraud, illegal acts or violations of company policies and procedures, an investigation to collect audit evidence, by using appropriate tools/ devices to retrieve data in a legally defensible fashion from computer devices (including PDAs, mobile phones etc. ) used by the suspect; and F analyse the data collected to determine the extent of illegal acts and the culpability of persons involved March 2007 Introduction to IT Audit : S 2/ 14
IT audit training Types of IT Audit (contd. ) for Security audits F Audits of security controls in IT systems to assess the extent to which confidentiality, integrity and availability of data and systems is maintained, commensurate with the risk profile of the IT system and the organisation March 2007 Introduction to IT Audit : S 2/ 15
IT audit training Types of IT Audit (contd. ) for Computer Assisted Audit Techniques (CAATs) F Using automated audit tools and software to: Download data from auditee IT systems; F Analyse auditee data for achieving traditional audit objectives (either financial or performance audit); and F Validation of programs and code in IT systems March 2007 Introduction to IT Audit : S 2/ 16
Fspos
Typiska novell drag
Nationell inriktning för artificiell intelligens
Vad står k.r.å.k.a.n för
Shingelfrisyren
En lathund för arbete med kontinuitetshantering
Adressändring ideell förening
Tidbok för yrkesförare
Sura för anatom
Vad är densitet
Datorkunskap för nybörjare
Stig kerman
Mall debattartikel
Delegerande ledarstil
Nyckelkompetenser för livslångt lärande
Påbyggnader för flakfordon
Kraft per area
