
Introduction to IT Audit


kevini

Presentation Transcript


  1. Introduction to IT Audit: INTOSAI IT Audit Training, Session 2

  2. Module Objective
     • To introduce the participants to the concept of IT Audit and the processes and procedures involved in carrying out an IT Audit

  3. Module contents
     • Definition and need for IT Audit
     • Types of IT Audit
     • IT Audit process
     • Planning for IT Audit
     • Audit execution
     • Reporting and follow-up
     • Quality assurance
     • Use of external consultants

  4. Session Objectives
     • The objective of this session is to define IT audit and explain the types of IT audits to the trainees

  5. Definition of IT Audit
     • IT Audit can broadly be defined as the “process of obtaining and evaluating evidence to determine whether an IT system safeguards organisational assets, uses resources efficiently, maintains data security and integrity and fulfils the business objectives effectively”

  6. Need for IT Audit
     • Widespread use of computers in government organisations
     • Transaction processing
     • Financial statements
     • Decision support functions
     • Data mining
     • Auditors need to consider impact of IT systems on audit methodology and techniques

  7. Audit concerns relating to use of computers
     • Changes in internal control environment;
     • Reduced accountability due to anonymity of the users;
     • Possibility of unauthorised and unrecorded amendments to the data;
     • Absence of a visible audit trail and/or paper-based documentation;
     • Changes in audit evidence;

  8. Audit concerns relating to use of computers (contd.)
     • Possibility of duplication / non-inclusion of data;
     • New opportunities and mechanisms for fraud and error;
     • Distributed data storage and processing;
     • Confidentiality and integrity of key business information;
     • Increased risks on account of communications within and across organisations, especially the Internet; and
     • System failures / shutdowns.

  9. Types of IT Audit
     • Controls review
     • Audit of financial systems
     • Performance/VFM audit of IT systems
     • Audit of developing systems
     • Forensic audit
     • Security audit
     • Computer Assisted Audit Techniques (CAATs)

  10. Types of IT Audit: Controls review
     • A detailed review of the manual and automated controls in an IT system, with the objective of assessing the extent of reliance that can be placed on the transactions processed and reports generated by the system

  11. Types of IT Audit (contd.): Audit of financial systems
     • Audit of financial statements processed/generated by an IT system, with a view to expressing an audit opinion

  12. Types of IT Audit (contd.): Performance or VFM audit of IT systems
     • Examination of an IT system to assess whether the intended objectives of implementing the system have been achieved effectively, with due regard to economy and efficiency

  13. Types of IT Audit (contd.): Audit of developing systems
     • Concurrent audit of the IT systems development process to assess whether:
     • the system planning, design and development are done in a structured fashion in a controlled environment, and in compliance with the specified methodology;
     • adequate and effective controls are considered at each stage of the system development process; and
     • the system provides for an adequate audit trail

  14. Types of IT Audit (contd.): Forensic audit
     • In cases of suspected fraud, illegal acts or violations of company policies and procedures, an investigation to collect audit evidence, by using appropriate tools/devices to retrieve data in a legally defensible fashion from computer devices (including PDAs, mobile phones etc.) used by the suspect; and
     • to analyse the data collected to determine the extent of illegal acts and the culpability of persons involved

  15. Types of IT Audit (contd.): Security audits
     • Audits of security controls in IT systems to assess the extent to which confidentiality, integrity and availability of data and systems are maintained, commensurate with the risk profile of the IT system and the organisation

  16. Types of IT Audit (contd.): Computer Assisted Audit Techniques (CAATs)
     • Using automated audit tools and software to:
     • Download data from auditee IT systems;
     • Analyse auditee data for achieving traditional audit objectives (either financial or performance audit); and
     • Validate programs and code in IT systems
