
Information Systems Auditing

Information Systems Auditing. Information Systems Environment: Why are Control and Auditability Important?. Introduction.

makala

Presentation Transcript


  1. Information Systems Auditing

  2. Information Systems Environment: Why are Control and Auditability Important?

  3. Introduction • In today’s business environment, there is increasing reliance on information systems to support business needs. Auditing provides “independent and objective assurance that information is processed in a safe and sound manner; that operations are efficient, effective, and adequate; and that information assets are safeguarded.”

  4. The Business Environment • Business Strategy & Operations • Business partnerships • Multiple distribution channels • Get products to market faster • Mergers, downsizing • Technologically • Heavy reliance on technology to be competitive • E-commerce via Internet

  5. The IT Environment • Increase system quality and functionality • Improve service levels • Decrease delivery time • More reliance on IT vendors and their strategies

  6. Business Risks • Activities or events that might interfere with meeting business objectives • Probability or likelihood that loss will occur • Measure of loss if it occurs

  7. Business Risks • Inherent (environmental) • Fraud • Lost opportunities • Loss of competitiveness

  8. IT Risks • Unauthorized access • Inaccurate • Unreliable information • System unavailability

  9. Information Systems Audit Defined “The process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved and determine the efficient use of resources”

  10. Business Needs • Organizations must Control and Audit Computer-Based Information Systems • Must have Procedures to detect errors and irregularities. • Must have Procedures to contain cost of Controls and Development.

  11. Need for Controls The Organization must protect itself from: • Corruption of Data and Database • Poor decision making due to poor quality information • Losses due to abuse • Loss of hardware, software and personnel • Maintenance of Privacy

  12. Computer Abuse • Hacking • Viruses • Illegal Physical Access • Abuse of Privileges

  13. Consequence of Abuse • Destruction of Assets • Theft of Assets • Modification of Assets • Privacy violations • Disruption of operations • Unauthorized use of assets • Physical harm to Personnel

  14. The Information Systems Audit Function • Used to safeguard Assets • Maintain Data Integrity • Achieve system efficiency

  15. Asset Safeguarding • Hardware • Software • Facilities • Personnel (Knowledge) • Data files and systems documentation • Supplies

  16. Data Integrity • Completeness • Soundness • Accuracy • Conciseness

  17. Value of Data Integrity • Value to Decision Makers • Extent of data sharing • Value to competitors • Compliance Issues

  18. Effectiveness • Achieving stated objective • Satisfaction of users' needs

  19. Efficiency - Performance Index • Timeliness – Provide user responses • Throughput – Performance over time • Utilization – Time system is busy • Reliability - Availability

  20. Auditor's Judgment • Must use a model of workload system • Must be aware of the cost of the evaluation • System may not yet be operational • Model used must correctly simulate the real system and environment

  21. Internal Controls • Separation of Duties • Delegation of Authority and Responsibility • Competent Personnel • System Authorization • Document and Records

  22. Internal Controls • Management Supervision • Independent Checks on Performance • Accountability of Assets

  23. Effects of Computers on Auditing • Change in evidence collection • Change in evidence evaluation

  24. Information Systems Auditing • Traditional Auditing • Information Systems Management • Behavioral Science • Computer

  25. Conducting an Information System Audit

  26. Nature of Controls Auditors have to evaluate the reliability of controls. They therefore have to have an understanding of the control environment and the system of controls.

  27. Nature of Controls Controls fall into three categories: • Preventive • Detective • Corrective

  28. Purpose of Controls • Decreasing the probability of a loss occurring • Limiting the losses if they occur.

  29. Dealing with Complexity • Break systems into subsystems • Determine the reliability of each subsystem. (Decomposing or Factoring)

  30. Types of Subsystems-Management • Top Management • Information Systems Management • Systems Development • Programming • Data Administration • Quality Assurance • Security Administration • Operations Management

  31. Types of Subsystems-Application • Input • Communications • Processing • Database • Output

  32. Assessing Subsystem Reliability • Controls at the higher or subsystem level • Cost/Benefit analysis

  33. Inherent Risk Factors • Financial Systems • Strategic Systems • Critical Operations • Technologically Advanced Systems

  34. Audit Procedures • Gaining Understanding of Internal Controls • Test of Controls • Substantive Test of Transactions • Substantive Test of Details of Balances

  35. Gaining an Understanding of Internal Controls

  36. Understanding of the Client’s Business and Industry What are some factors that have increased the importance of understanding the client’s business and industry? • Information technology • Global operations • Human capital

  37. Understanding of the Client’s Business and Industry Understand client’s business and industry. • Industry and external environment • Business operations and processes • Management and governance • Objectives and strategies • Measurement and performance

  38. Industry and External Environment What are some reasons for obtaining an understanding of the client’s industry and external environment? 1. Risks associated with specific industries 2. Inherent risks common to all clients in certain industries 3. Unique accounting requirements

  39. Planning the Audit • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring

  40. Types of Test • Existence • Occurrence • Completeness • Rights and Obligations • Valuation and Allocation • Presentation and Disclosure

  41. Completing the Audit Opinion • Disclaimer • Adverse • Qualified • Unqualified

  42. Auditing Around the Computer • Straightforward logic • Batched transactions • Processing is mainly sorting and data input • Clear Audit Trail • Constant System

  43. Auditing Through the Computer • Inherent risks associated with Computer Applications • More difficult to do extensive direct examination of input and output in high volume systems. • Significant parts of the control system are embedded in the computer system. • Processing logic may be complex. • Cost/Benefit considerations may leave significant gaps in the controls and visible audit trail.

  44. Leave the Technology to the TECKIES? Questions????????????????

  45. END
