This session covers IT audit concepts, processes, and procedures, including planning, execution, reporting, and quality assurance. Participants will learn about the types of IT audits and use of external consultants.
Introduction to IT Audit INTOSAI IT AUDIT TRAINING Session 2
Module Objective • To introduce the participants to the concept of IT Audit and the processes and procedures involved in carrying out an IT Audit
Module contents • Definition and need for IT Audit • Types of IT Audit • IT Audit process • Planning for IT Audit • Audit execution • Reporting and follow-up • Quality assurance • Use of external consultants
Session Objectives • The objective of this session is to define IT audit and explain the types of IT audits to the trainees
Definition of IT Audit • IT Audit can broadly be defined as the “process of obtaining and evaluating evidence to determine whether an IT system safeguards organisational assets, uses resources efficiently, maintains data security and integrity and fulfils the business objectives effectively”
Need for IT Audit • Widespread use of computers in government organisations • Transaction processing • Financial statements • Decision support functions • Data mining • Auditors need to consider impact of IT systems on audit methodology and techniques
Audit concerns relating to use of computers • Changes in internal control environment; • Reduced accountability due to anonymity of the users; • Possibility of unauthorised and unrecorded amendments to the data; • Absence of a visible audit trail and/or paper-based documentation; • Changes in audit evidence;
Audit concerns relating to use of computers (contd.) • Possibility of duplication / non-inclusion of data; • New opportunities and mechanisms for fraud and error; • Distributed data storage and processing; • Confidentiality and integrity of key business information; • Increased risks on account of communications within and across organisations, especially the Internet; and • System failures / shutdowns.
Types of IT Audit • Controls review • Audit of financial systems • Performance/VFM audit of IT systems • Audit of developing systems • Forensic audit • Security audit • Computer Assisted Audit Techniques (CAATs)
Types of IT Audit Controls Review • A detailed review of the manual and automated controls in an IT system, with the objective of assessing the extent of reliance that can be placed on the transactions processed and reports generated by the system
Types of IT Audit (contd.) Audit of financial systems • Audit of financial statements processed/generated by an IT system, with a view to expressing an audit opinion
Types of IT Audit (contd.) Performance or VFM audit of IT systems • Examination of an IT system to assess whether the intended objectives of implementing the system have been achieved effectively, with due regard to economy and efficiency
Types of IT Audit (contd.) Audit of Developing Systems • Concurrent audit of the IT systems development process to assess whether: • the system planning, design and development are done in a structured fashion in a controlled environment, and in compliance with the specified methodology; • adequate and effective controls are considered at each stage of the system development process; and • the system provides for an adequate audit trail
Types of IT Audit (contd.) Forensic audit • In cases of suspected fraud, illegal acts or violations of company policies and procedures, an investigation to: • collect audit evidence, by using appropriate tools/devices to retrieve data in a legally defensible fashion from computer devices (including PDAs, mobile phones etc.) used by the suspect; and • analyse the data collected to determine the extent of illegal acts and the culpability of persons involved
Types of IT Audit (contd.) Security audits • Audits of security controls in IT systems to assess the extent to which confidentiality, integrity and availability of data and systems are maintained, commensurate with the risk profile of the IT system and the organisation
Types of IT Audit (contd.) Computer Assisted Audit Techniques (CAATs) • Using automated audit tools and software to: • Download data from auditee IT systems; • Analyse auditee data for achieving traditional audit objectives (either financial or performance audit); and • Validate programs and code in IT systems