Overview of Systems Audit

Presentation transcript:

Chapter 1: Overview of Systems Audit

Information Systems Audit
- Examination of various controls in information systems
- Design and working of controls
- Process, practices, and operations
- The auditor forms an opinion on whether the information system safeguards assets, maintains data integrity, and operates effectively and efficiently to achieve the agreed goals and objectives of the entity.

Information System Environment Regulations IT Governance Policies Disaster Recovery Procedures Legal Issues Services Monitoring Documentation Hardware Internal Controls Software Audits Information

Legal Requirement of Information Systems Audit
- Sarbanes Oxley Act 2002
- Directions from various statutory and regulatory agencies
- Even financial audit requires testing of adequacy and efficiency of internal control before expressing an audit opinion.

Information System Assets
- Information assets
- Software assets
- Physical assets
- Other technical equipment
- Services

Optimizing Computerization
Systems audit focuses on:
- Standardization of hardware, operating systems, system software, and applications
- Whether information flow is smooth and its integrity is not compromised
- Test of efficiency and search for emerging vulnerabilities
- Risk assessment for security breaches that may arise from communication and networking infrastructure

Optimizing Computerization
Systems audit focus (Cont’d):
- Risk assessment for security breaches that may occur in the auditee organisation
- Assurance of migration and maintenance of data integrity
- Availability of human resources vis-a-vis success and failure of information technology projects
- Security maintenance for usage of plastic cards and e-commerce interface integrated in regular functioning of the auditee

General Controls
- Organization and operation controls
- Systems development and documentation controls
- Hardware and system software controls
- Access controls
- Data and procedural controls
- Business continuity control

Application Controls
- Input control
- Processing control
- Output control

Objective Based Control Classification
- Directive controls
- Preventive controls
- Detective controls
- Corrective controls
- Recovery controls

Impact of Computers on Information Changes in The way of Working Processing of Data Storage of Data Telecommunication Data Accessibility Security Methodology Maintenance of data Transaction Initiation Inputs Authorisation Movement of Documents Transaction Processing Complexity of Processing Information Storage Outputs Filing of Documents System of Back-up Audit Trails Procedure Manual Monitoring & Supervision Segregation of Duties

Impact of Computers on Auditing
- Computerized audit trails
- Interwoven complex systems
- Transaction walkthroughs
- Entropy in complex systems
- Outsourced and distributed information

Information Systems Audit Coverage
- Hardware security issues
- Software security issues
- IS Audit Requirements
- Conducting IS Audit
- Risk based IS Audit
- Auditing Disaster Recovery Plans
- Auditing E-commerce Environment
- Legal Framework
- Security Testing
- Information Security Grading (ISecGrade) Framework