Audit Materiality (G6)
JALAL HAFIDI, BIJAN BARIKBIN, CAITLYN E CARNEY, MEGAN A STEPHENS

Background: Material Weakness
• What is a material weakness?
• Controls are _____ and/or controls are _____ and/or controls are _____.

Background: S12 Audit Materiality
• When Determining the Nature, Timing and Extent…
• Audit materiality and its relationship to audit risk
• Potential weakness/absence of controls
• Cumulative effect of deficiencies or weaknesses and absence of controls
• Disclose ineffective controls or absence of controls, the significance of the control deficiencies, and the possibility of their resulting in a material weakness.
Identify / Consider / Report

Need for Guideline: IS vs. Financial Audits
Financial / IS
• Physical access controls
• Quality control
• Personnel management
• Password generation
• Monetary

Planning: Assessing Materiality
• Professional judgment
• IS auditors should consider:
• Level of error acceptable
• Potential to become material

Planning: Assessing Materiality
• Meeting Audit Objectives:
• Identify relevant control objectives & material control
• Determine what to examine based on risk tolerance rate
When should a financial auditor’s measure of materiality be considered in an IS audit?

Planning: Assessing Materiality
• Classification of Information Assets:
• Confidentiality, Integrity, Availability (CIA)
• Access Control Rules
• Criticality & Risk Exposure
• Materiality of Deficiencies:
• IT General Controls
• Application Controls
What types of “information assets” should be verified in the assessment of materiality?

Planning: Assessing Materiality
• Consider how deficiencies affect an application, and how each will act when aggregated with all of the other control deficiencies.
• They can all affect the organization, individually and as a whole!

Planning: Assessing Materiality
• If a control’s deficiency is not fixed, it could become material to the audit and to the organization.
• Not only should stakeholders discuss known material weaknesses, but the auditor should have them sign off on acknowledging them.
Why should the auditor obtain sign-offs from stakeholders? Are there any reasons an auditor should not have stakeholders sign off?

Factors in Materiality
• Critical for business processes supported by system/operation
• Number and type of application
• Number of users
• Number of managers/directors (based on privileges)
• Criticality of the network communications
• Cost of system
• Potential cost of errors
• Cost of loss of information
• In terms of time and money to reproduce
• Effectiveness of countermeasures
• Number of accesses per period
• Transactions/inquiries/etc.
• Reporting & files maintained
• Nature/timing/extent
• Materials handled
• Nature/quantity
• SLAs and costs of penalties
• Penalties for lack of compliance
• Legal, regulatory, contractual, public health, and safety
What do you think is the most important factor? Why?

Reporting
• What should be reported?
• The materiality of any errors found
• Control weaknesses (potential materiality)
• In order to obtain a statement of assurance regarding IS controls (unqualified opinion):
• The controls should be placed according to the standards and meet their objectives
• Free of material weakness

Reporting Cont’d
• If the controls don’t meet their objectives, the IS auditor should issue a qualified or adverse opinion
• The IS auditor should consider reporting to management weaknesses that are not material
Who has the final decision about what should be reported? IS Auditor, NOT the management

Conclusion
Who do external auditors report to?
• Managers
• Employees
• Board of directors
• Audit Committee
How can small errors or weaknesses become material over time?

Questions
Thank you