18 systems audit
DESCRIPTION
AuditTRANSCRIPT
![Page 1: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/1.jpg)
![Page 2: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/2.jpg)
It is an audit associated with auditors who use technical skills and knowledge to audit through the computer system, or provide audit services where processes of data, or both, are embedded in technologies.
It focuses on the computer-based aspects of
an organization’s information system.
![Page 3: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/3.jpg)
Technology
![Page 4: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/4.jpg)
General Standards (3) PATT, IMA, DPC
Standards of Fieldwork (3) AP, SUIC, SCE
Reporting Standards (4) GAAP, IC-No GAAP, IC- No AD, OFSW
![Page 5: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/5.jpg)
VAPOR Co. Valuation and allocation Presentation and disclosure Rights and obligations Completeness Occurrence and Existence
![Page 6: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/6.jpg)
Process for controlling an organization’s information technology resources, where these resources are defined to include information and communications systems as well as technology.
![Page 7: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/7.jpg)
Provide Direction
Compare
Measure Performance
IT Activities • Increase automation (make the business effective) • Decrease cost (make the enterprise efficient) • Manage risks (security reliability and compliance)
Set objectives • IT is aligned with the business. • IT enables the business and maximizes the benefits. • IT resources are used responsibly. • IT-related risks are managed appropriately.
![Page 8: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/8.jpg)
![Page 9: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/9.jpg)
![Page 10: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/10.jpg)
![Page 11: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/11.jpg)
Database Administration Data Processing Systems Development and Maintenance
![Page 12: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/12.jpg)
![Page 13: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/13.jpg)
Authorization from processing Record-keeping from custody Divide transaction processing tasks among
individuals Systems Development from Computer
Operations Database Administration from other functions New systems development from maintenance Data Library from Operations
![Page 14: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/14.jpg)
![Page 15: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/15.jpg)
IS audit services can be provided externally or internally.
The role of the IS internal audit function should be established by an audit charter approved by senior management.
If IS audit services are provided by an external firm, the scope and objectives should be documented in a formal contract.
In either case, the internal audit function should be INDEPENDENT and report to an audit committee or to the highest management level such as the board of directors.
![Page 16: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/16.jpg)
The IS auditor is expected to maintain technical competence through appropriate continuing professional education.
![Page 17: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/17.jpg)
Gain an understanding of the business’s mission, objectives, purpose and processes, which include information and processing requirements such as availability, integrity, security and business technology, and information confidentiality.
Understand changes in business environment of the auditee.
![Page 18: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/18.jpg)
Review prior work papers. Identify stated contents such as policies,
standards and required guidelines, procedures and organization structure.
Perform a risk analysis to help in designing the audit plan.
Set the audit scope and audit objectives. Develop the audit approach or audit strategy Assign personnel resources to the audit. Address engagement logistics.
![Page 19: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/19.jpg)
Special attention should be given to issues in industries that are closely regulated. For example, in several countries Internet service
providers (ISPs) are subject to laws regarding confidentiality and service availability.
![Page 20: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/20.jpg)
![Page 21: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/21.jpg)
The Information Systems Audit and Control Association (ISACA), founded in 1969, is the largest professional organization of IT auditors.
The Certified Information Systems Auditor (CISA) designation is the most highly valued global credential for IT auditors.
In addition to CISA, ISACA recently created a new credential, the Certified Information Security Manager (CISM) for non-audit security professionals.
![Page 22: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/22.jpg)
Provides guidance on IT governance by providing “the structure that links processes, IT resources and information to enterprise strategies and objectives.”
![Page 23: 18 Systems Audit](https://reader033.vdocuments.us/reader033/viewer/2022051401/55cf903c550346703ba423b7/html5/thumbnails/23.jpg)