Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter Nine Conducting the IT Audit. Audit Standards AICPA — Statements of Auditing Standards (SASs) AICPA — Statements of Auditing Standards (SASs)

Published byLewis Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter Nine Conducting the IT Audit. Audit Standards AICPA — Statements of Auditing Standards (SASs) AICPA — Statements of Auditing Standards (SASs)"— Presentation transcript:

1 Chapter Nine Conducting the IT Audit

2 Audit Standards AICPA — Statements of Auditing Standards (SASs) AICPA — Statements of Auditing Standards (SASs) ISACA—IS Audit Standards, Guidelines, and Procedures ISACA—IS Audit Standards, Guidelines, and Procedures AICPA —Statement on Standards for Attestation Engagements (SSAE) AICPA —Statement on Standards for Attestation Engagements (SSAE) IFAC —International Auditing Standards IFAC —International Auditing Standards ISACA —CobiT ISACA —CobiT

3 The IT Audit Lifecycle Planning Planning Risk Assessment Risk Assessment Prepare Audit Program Prepare Audit Program Gather Evidence Gather Evidence Form Conclusions Form Conclusions Deliver Audit Opinion Deliver Audit Opinion Follow Up Follow Up

4 Planning Scope and control objectives Scope and control objectives Materiality Materiality Outsourcing Outsourcing Gain an understanding of the client and client’s industry, business risks Gain an understanding of the client and client’s industry, business risks

5 Risk Assessment Shift is to risk-based audit approach Shift is to risk-based audit approach “What can go wrong” “What can go wrong” High risk areas require more audit effort High risk areas require more audit effort Materiality important Materiality important

6 The Audit Program Includes: Includes: –Scope –Audit objectives –Audit procedures –Administrative details such as planning and reporting Generic audit programs are customized for the client and client’s technology Generic audit programs are customized for the client and client’s technology

7 Gathering Evidence Evidence includes: Evidence includes: –Observations –Documentary evidence –Flowcharts, narratives, written policies –CAATs procedures Sampling Sampling –Attribute sampling used by IT auditors

8 Forming Conclusions Identify reportable conditions Identify reportable conditions

9 The Audit Opinion Per Guidelines 70, should include: Per Guidelines 70, should include: –Name of organization being audited –Title, signature, and date –Statement of audit objectives and whether these were met –Scope of the audit –Any scope limitations –Intended audience

10 The Audit Opinion (Cont’d.) Standards used to perform the audit Standards used to perform the audit Detailed explanation of findings Detailed explanation of findings Conclusion, including reservations or qualifications Conclusion, including reservations or qualifications Suggestions for corrective action or improvement Suggestions for corrective action or improvement Significant subsequent events Significant subsequent events

11 4 Main Types of IT Audits Attestation Attestation Findings and Recommendations Findings and Recommendations SAS 70 SAS 70 SAS 94 SAS 94

12 Attestation Standard is SSAE 10 Standard is SSAE 10 Includes: Includes: –Data analytic reviews –Commission agreement reviews –Webtrust engagements –Systrust engagements –Financial projections –Compliance reviews

13 Findings and Recommendations Consulting, or advisory services Consulting, or advisory services Include: Include: –Systems implementations –Enterprise resource planning implementation –Security reviews –Database application reviews –IT infrastructure and improvements needed engagement –Project management –IT Internal audit services

14 SAS 70 Audit Applicable to any service organization that wishes to assure its clients of the existence and effectiveness of internal controls relative to the service provided Applicable to any service organization that wishes to assure its clients of the existence and effectiveness of internal controls relative to the service provided Two types of SAS 70 audits Two types of SAS 70 audits –Type I –Type II

15 Types of SAS 70 reports Type I: A “walkthrough,” that describes a company’s internal controls but does not perform detailed testing of these controls Type I: A “walkthrough,” that describes a company’s internal controls but does not perform detailed testing of these controls Type II: Detailed testing of controls around the service provided Type II: Detailed testing of controls around the service provided

16 SAS 94 Requires the auditor to: Requires the auditor to: –Consider how a client’s IT processes affect internal control, evidential matter, and the assessment of control risk; –Understand how transactions are initiated, entered and processed through the IS, and –Understand how recurring and nonrecurring journal entries are initiated, entered, and processed through the IS

17 Components of a SAS 94 audit Physical and environmental review Physical and environmental review Systems administration review Systems administration review Application software review Application software review Network security review Network security review Business continuity review Business continuity review Data integrity review Data integrity review

18 Using CobiT to Perform an Audit If no audit program exists, use CobiT to develop the audit program, or If no audit program exists, use CobiT to develop the audit program, or Map existing audit program to company objectives Map existing audit program to company objectives

Download ppt "Chapter Nine Conducting the IT Audit. Audit Standards AICPA — Statements of Auditing Standards (SASs) AICPA — Statements of Auditing Standards (SASs)"

Similar presentations

COBIT® 5 for Assurance Introduction

COBIT® 5 for Assurance Introduction
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.

Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.
SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports.

SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports.
Reports on Audited Financial Statements

Reports on Audited Financial Statements
Assurance Services and Auditing Research Chapter 8.

Assurance Services and Auditing Research Chapter 8.
BA 427 – Assurance and Attestation Services Lecture 18 The Types of Services Offered by Public Accounting Firms.

BA 427 – Assurance and Attestation Services Lecture 18 The Types of Services Offered by Public Accounting Firms.
The Islamic University of Gaza

The Islamic University of Gaza
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
Assurance Services and Auditing Research Chapter 8.

Assurance Services and Auditing Research Chapter 8.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-1 Chapter 7 CHAPTER 7 THE EFFECT OF INFORMATION TECHNOLOGY ON THE AUDIT.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-1 Chapter 7 CHAPTER 7 THE EFFECT OF INFORMATION TECHNOLOGY ON THE AUDIT.
New Audit Risk Standards Are You Ready? John P. Langan, CPA Principal in Charge Public Service Group Metro, DC Office LarsonAllen LLP.

New Audit Risk Standards Are You Ready? John P. Langan, CPA Principal in Charge Public Service Group Metro, DC Office LarsonAllen LLP.
Module A1 Other Public Accounting Services ACCT 4080.

Module A1 Other Public Accounting Services ACCT 4080.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.
25 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Other Assurance Services Chapter 25.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Other Assurance Services Chapter 25.
5-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Audit Planning.

5-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Audit Planning.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 24 - 1 Other Assurance Services Chapter 24.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Other Assurance Services Chapter 24.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

Similar presentations

Ads by Google