Information System Control & Audit
Need for IS Audit
• Uncontrolled use of computers may result in:
  • Data loss
  • Incorrect decision making
  • Computer abuse
  • Loss of valuable hardware, software or personnel
  • Computer errors
Need for IS Audit Cont’d…
• Security & abuse, from inside & outside: hacking, viruses, unauthorized access
• Destruction & theft of assets
• Modification of assets
• Disruption of operations
• Unauthorized use of assets
• Physical harm
• Privacy violations
IT / IS Auditing?
• The process of collecting and evaluating evidence to determine whether a computer system:
  • Safeguards assets
  • Maintains data integrity
  • Achieves organizational goals effectively
  • Consumes resources efficiently
Types of Audits
• Financial:
  • More relevant to the external auditor
• Operational:
  • Compliance with laws, regulations, and/or contracts
  • Compliance with company standards, policies, and/or procedures
  • Effectiveness and efficiency of business operations
  • Typically an internal audit function
Types of Audits Cont’d…
• Information Technology (IT):
  • Information confidentiality
  • Data integrity
  • System availability
  • Compliance with laws, regulations, and/or contracts
  • Compliance with company standards, policies, and/or procedures
  • Information reliability
  • Effectiveness and efficiency of operations
Auditing Environment
• External vs. internal auditors
• External auditors are provided by public accounting firms and also exist in government. They provide increased assurance on:
  • Fairness of financial statements
  • Frauds & irregularities
  • Ability to survive (going concern)
• The external auditor relies on the internal control structure when planning the audit
Auditing Environment Cont’d…
• Internal auditors are responsible to the Board of Directors
• An internal control function
• Assist the organization in measurement & evaluation of:
  • Effectiveness of internal controls
  • Achievement of organizational objectives
  • Economy & efficiency of activities
  • Compliance with laws and regulations
• Operational audits
Audit Standards
• Professional organizations:
  • American Institute of Certified Public Accountants (AICPA)
    • Generally Accepted Auditing Standards (GAAS)
    • Statements of Auditing Standards (SAS)
  • Financial Accounting Standards Board (FASB)
    • Generally Accepted Accounting Principles (GAAP)
  • The Institute of Internal Auditors (IIA)
    • Statements on Internal Auditing Standards (SIAS)
  • Information Systems Audit & Control Association (ISACA)
    • COBIT: Control Objectives for Information Technology
Audit Standards Cont’d…
• Related legislation:
  • Privacy Act, 1974
  • Computer Fraud and Abuse Act (CFAA), 1984 & 1994
  • Computer Security Act, 1987
  • Electronic Communications Privacy Act
  • Communications Decency Act, 1995
  • Health Insurance Portability & Accountability Act (HIPAA), 1996
  • Sarbanes-Oxley Act of 2002
  • Homeland Security Act of 2002, with the Cyber Security Enhancement Act
Internal Control Framework
• Separation of duties
• Delegation of authority & responsibility
• System of authorizations
• Documentation & records
• Physical control over assets & records
• Management supervision
• Independent checks
Internal Controls Cont’d…
• A control is a system, or pattern of activities, that is:
  • Preventive
  • Detective
  • Corrective
• The overall purpose is to reduce expected losses from unlawful events.
• The auditor’s task is to determine whether controls are in place and working properly.
Effects of Computers on Auditing
• Impact on the control environment
• Changes to evidence collection
• More complex evidence evaluation