Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Information Systems Audit Process

Published byBeverly Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "The Information Systems Audit Process"— Presentation transcript:

1 The Information Systems Audit Process
CISA : Chapter #1 The Information Systems Audit Process

2 The Information Systems Audit Process
Definitions : Control : The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. CISA : Chapter #1 The Information Systems Audit Process

3 The Information Systems Audit Process
Definitions : IT Control Objective A statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity. CISA : Chapter #1 The Information Systems Audit Process

4 The Information Systems Audit Process
Definitions : IT Governance A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes CISA : Chapter #1 The Information Systems Audit Process

5 The Information Systems Audit Process
Definitions : IT Framework A successful organization is built on a solid framework of data and information. The Framework explains how IT processes deliver the information that the business needs to achieve its objectives. This delivery is controlled through 34 high-level control objectives, one for each IT process, contained in the four domains. The Framework identifies which of the seven information criterion (effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability), as well as which IT resources (people, applications, technology, facilities and data) are important for the IT processes to fully support the business objective CISA : Chapter #1 The Information Systems Audit Process

6 The Information Systems Audit Process
Definitions : Audit Mission In the light of Management Objectives well documented AUDIT Charter defining overall Authority, Scope and Responsibility of the AUDIT function approved by Top Management Risk Assessment Familiarity with Business Regulatory Environment CISA : Chapter #1 The Information Systems Audit Process

7 The Information Systems Audit Process
Risk Analysis : Risk The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets. The impact or relative severity of the risk is proportional to the business value of the loss/damage and to the estimated frequency of the threat. Risk Elements Threat Impact Frequency CISA : Chapter #1 The Information Systems Audit Process

8 The Information Systems Audit Process
Risk Analysis : Business Risk Are those threats that may impact the assets, processes or objectives of a specific business organization. The natures of these threats may be : Financial Regulatory Operational Or may arise as a result of the interaction of the business with its environment Or may arise in result of the strategies, systems and particular technology, process, procedure and information system used by the business CISA : Chapter #1 The Information Systems Audit Process

9 The Information Systems Audit Process
Internal Control Policies, procedures, practices and organizational structure put into place to reduce risks. Control Classification Preventive Detective Corrective CISA : Chapter #1 The Information Systems Audit Process

10 Control Classification
CISA : Chapter #1 The Information Systems Audit Process

11 The Information Systems Audit Process
Internal Control Objectives Are statements of the desired result or purpose to be achieved by implementing control procedure in a particular activity. Internal Accounting Controls Operational Controls Administrative Controls CISA : Chapter #1 The Information Systems Audit Process

12 The Information Systems Audit Process
Internal Control Objectives include : Safeguard of information technology assets Compliance to corporate policies or legal requirements. Authorization/Input Accuracy and completeness of processing of transactions Output Reliability of process Backup / Recovery Efficiency and economy of operation CISA : Chapter #1 The Information Systems Audit Process

13 The Information Systems Audit Process
IS Control Objectives include : Safeguard Assets Integrity of general operations Integrity of sensitive and critical application Systems through: Authorization, Accuracy Reliability Completeness and security of Output Database Integrity Efficiency & Effectiveness Compliance Continuity & Disaster Recovery Plan Incident Response and Handling plan CISA : Chapter #1 The Information Systems Audit Process

14 The Information Systems Audit Process
IS Systems Control Procedures include : Strategy and Direction General Organization and management Access to data and programs System development methodologies and change control Data Processing operations Systems programming and technical support functions Data Processing and quality assurance procedures Physical access controls Business continuity/Disaster recovery planning Networks and communications Data Administration CISA : Chapter #1 The Information Systems Audit Process

15 The Information Systems Audit Process
An Information System Audit : “ Any Audit that encompasses review and evaluation of automated information processing, related non-automated processes and the interfaces between them.” Classification of Audits : Financial Audit Operational Audit Integrated Audit Administrative Audits Information System Audits Special Audit (3rd Party & Forensic – Frauds and crimes) CISA : Chapter #1 The Information Systems Audit Process

16 The Information Systems Audit Process
Audit Procedures : Understanding of the Audit area/subject Risk Assessment Detailed audit planning Preliminary review of Audit area / subject Evaluating Audit are/subject Compliance Testing ( often test of controls) Substantive testing Reporting Follow-up CISA : Chapter #1 The Information Systems Audit Process

17 The Information Systems Audit Process
Audit Risk : Risk that the information/financial report may contain material error that may go undetected during the course of Audit Categories of Audit Risk : Inherent Risk Control Risk Detection Risk Overall Audit Risk CISA : Chapter #1 The Information Systems Audit Process

18 The Information Systems Audit Process
Risk Assessment Techniques : These techniques may be computerized non-computerized, Scoring and Judgment based upon business knowledge, executive management directives, historical perspective, business goals and environmental factors CISA : Chapter #1 The Information Systems Audit Process

19 The Information Systems Audit Process
Compliance Testing : A compliance test determines if control are being applied in a manner that comply with management policies and procedures. Substantive Testing: A Substantive test substances the integrity of actual processing. CISA : Chapter #1 The Information Systems Audit Process

20 Risk Based Audit Approach
CISA : Chapter #1 The Information Systems Audit Process

21 The Information Systems Audit Process
Evidence : Evidence is any information used by the auditors whether the entity or data being audited follows the established audit criteria or objective. These should be sufficient, relevant and competent Reliability of Evidences: Independence of the provider Qualification of the provider Objectivity of the evidence Timing of the evidence CISA : Chapter #1 The Information Systems Audit Process

22 The Information Systems Audit Process
Evidence gathering Techniques : Reviewing IS organization structures Reviewing IS Policies Reviewing IS Standards Reviewing IS documentation Interviewing appropriate personnel Observing processes and employees performance. CISA : Chapter #1 The Information Systems Audit Process

23 The Information Systems Audit Process
Computer Assisted Audit techniques : Generalized Audit Software, Utility Software, test data, application software tracing and mapping and expert systems. These tools can be used for Test of details of transactions and balances Analytical review procedures Compliance test of IS general controls Compliance Test of Application controls Penetration and OS vulnerabilities CISA : Chapter #1 The Information Systems Audit Process

24 The Information Systems Audit Process
CAATs Advantages : Reduced Level of Audit Risk Greater independence from the auditee Broader and more consistent audit coverage Faster availability of information Improved exception identification Greater flexibility of run times Greater opportunity to quantify internal control weakness Enhanced sampling Cost saving over time CISA : Chapter #1 The Information Systems Audit Process

25 The Information Systems Audit Process
Evaluation of Strengths and weaknesses of Audit : Judgment Control Matrix (ranking) (Col-known type of errors) (Row-Known Controls) Compensating/Overlapping Controls Totality of Controls Supporting evidences CISA : Chapter #1 The Information Systems Audit Process

26 The Information Systems Audit Process
Control Self-Assessment (CSA) : Control Assessment can be defined as a “management technique that assures stakeholders, customers and other parties that internal control system of the organization is reliable. It also ensures that employees are aware of the risks to the business and they conduct periodic, proactive reviews of control. CISA : Chapter #1 The Information Systems Audit Process

27 The Information Systems Audit Process
Control Self-Assessment (CSA) : Tools used in this context : simple questionnaires Facilitated Workshops Management Meetings Client Workshops, Worksheets Rating sheets CISA : Chapter #1 The Information Systems Audit Process

28 The Information Systems Audit Process
Objectives of CSA : Leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional areas Auditee such as line managers are responsible for controls in their environment, the manager should also be responsible for monitoring the control. CSA program also educate the managers about control design and monitoring CISA : Chapter #1 The Information Systems Audit Process

29 The Information Systems Audit Process
CISA : Chapter #1 The Information Systems Audit Process

30 The Information Systems Audit Process
CISA : Chapter #1 The Information Systems Audit Process

31 The Information Systems Audit Process
CISA : Chapter #1 The Information Systems Audit Process

Download ppt "The Information Systems Audit Process"

Similar presentations

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Software Quality Assurance Plan

Software Quality Assurance Plan
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Auditing Concepts.

Auditing Concepts.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
The Islamic University of Gaza

The Islamic University of Gaza
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Review of Introduction to Auditing

Review of Introduction to Auditing
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
IS Audit Function Knowledge

IS Audit Function Knowledge
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit

Similar presentations

Ads by Google