Chapter Nine Conducting the IT Audit


Audit Standards
- AICPA — Statements of Auditing Standards (SASs)
- ISACA — IS Audit Standards, Guidelines, and Procedures
- AICPA — Statement on Standards for Attestation Engagements (SSAE)
- IFAC — International Auditing Standards
- ISACA — CobiT

The IT Audit Lifecycle
- Planning
- Risk Assessment
- Prepare Audit Program
- Gather Evidence
- Form Conclusions
- Deliver Audit Opinion
- Follow Up

Planning
- Scope and control objectives
- Materiality
- Outsourcing
- Gain an understanding of the client and client’s industry, business risks

Risk Assessment
- Shift is to risk-based audit approach
- “What can go wrong”
- High risk areas require more audit effort
- Materiality important

The Audit Program
- Includes:
  – Scope
  – Audit objectives
  – Audit procedures
  – Administrative details such as planning and reporting
- Generic audit programs are customized for the client and client’s technology

Gathering Evidence
- Evidence includes:
  – Observations
  – Documentary evidence
  – Flowcharts, narratives, written policies
  – CAATs procedures
- Sampling
  – Attribute sampling used by IT auditors

Forming Conclusions
- Identify reportable conditions

The Audit Opinion
- Per Guidelines 70, should include:
  – Name of organization being audited
  – Title, signature, and date
  – Statement of audit objectives and whether these were met
  – Scope of the audit
  – Any scope limitations
  – Intended audience

The Audit Opinion (Cont’d.)
- Standards used to perform the audit
- Detailed explanation of findings
- Conclusion, including reservations or qualifications
- Suggestions for corrective action or improvement
- Significant subsequent events

4 Main Types of IT Audits
- Attestation
- Findings and Recommendations
- SAS 70
- SAS 94

Attestation
- Standard is SSAE 10
- Includes:
  – Data analytic reviews
  – Commission agreement reviews
  – Webtrust engagements
  – Systrust engagements
  – Financial projections
  – Compliance reviews

Findings and Recommendations
- Consulting, or advisory services
- Include:
  – Systems implementations
  – Enterprise resource planning implementation
  – Security reviews
  – Database application reviews
  – IT infrastructure and improvements needed engagement
  – Project management
  – IT Internal audit services

SAS 70 Audit
- Applicable to any service organization that wishes to assure its clients of the existence and effectiveness of internal controls relative to the service provided
- Two types of SAS 70 audits
  – Type I
  – Type II

Types of SAS 70 reports
- Type I: A “walkthrough,” that describes a company’s internal controls but does not perform detailed testing of these controls
- Type II: Detailed testing of controls around the service provided

SAS 94
- Requires the auditor to:
  – Consider how a client’s IT processes affect internal control, evidential matter, and the assessment of control risk;
  – Understand how transactions are initiated, entered and processed through the IS, and
  – Understand how recurring and nonrecurring journal entries are initiated, entered, and processed through the IS

Components of a SAS 94 audit
- Physical and environmental review
- Systems administration review
- Application software review
- Network security review
- Business continuity review
- Data integrity review

Using CobiT to Perform an Audit
- If no audit program exists, use CobiT to develop the audit program, or
- Map existing audit program to company objectives