2. Auditing evolved and grew rapidly after the industrial
revolution in 18th
century and in India the companies
Act 1913 made audit of company compulsory.
Auditing is the process of analysing the log records so
as to describe the information about the system in a
clear and understandable manner.
Auditing is an independent Review and Examination
of records and activities
Audit is done with the help of Vouchers
Documents,Information and Explanations received
from the authorities
Audit helps the management providing Suggestions to
attain goal of an organization.
3. Defination and Meaning:
Auditing is the process of collecting and Evaluating
Evidence to determine whether a Computer System
Safeguards, Assets, Maintains Data Integrity, allows
organizationl goals to be achieved effectively.
Auditing is a serious discipline. Auditors must be the
most experienced, knowledgeable, professionally
qualified individuals in a discipline.
It is conducted for proprietors only.
Audit is legally compulsory for companies
4. Exampe of Audits are as :
1.Financial Audits
2.Operational Audits
3.Administrative Audits
4.Information System Audits
5.Specialized Audits
6.Integrated Audits
7.Forensic Audits
5. Auditing Types
1.Internal Auditing
It Depands on management and its function`s objective that
vary according to management requirement.
It is an independent approach that is designed to improve
the organization operations and accomplish its bringing up a
systematic disciplined approach to evaluate and improve the
effectiveness of risk management.
2.External Auditing
It is carried out by an individual independent of the company
being audited.
It focusus on the interests of third party stakeholder, while
internal auditors serve as an independent apprisal function
within the organization.
6. Information Security Audit(ISA)
Need for an information systems audit function comes from
two reasons
Auditors realized that computers had affected their ability to
perform the attest function
Both corporate and information systems management
recognized that computers were valuble resources that
needed controling like any other key resources within an
organization.
Other reasons
Increasing level of computerization of manual functions
Rapid technology development
Lack of users knowledge resulting in insecure practices
Viruses,worms Hackers and security threats
Changing regulatory environment
7. Skills required in an IS Auditor
Knowledge of auditing ,Information Systems And
Network security.
Investigation and process flow analysis skills
Interpersonal relation skills.
Verbal and written communication skills
Ability to make maintain confidentaility
Ability to use It desktop office tools vulnerability
analysis and other IT tools.
8. Standard and Performance
The IS Auditing standard include
1.Audit charter:
It must state roles and responsibilities,
authority and accountability of the ISA function
2.Maintain Professional Independence and Organizational
relationship:-
The IS auditmust be independent in all matters related to
auditing in attitude and in apperance.
3.Ethics and Standard:
Appropriate professional auditing standard must be used in all
aspects of IS auditor`s work.
4.Planning:
The IS auditor needs to plan the IS audit works to achieve the
audit objectives complying with the audit standard.
9. Performance of audit work:The IS audit team must be
supervised so as to achieve the audit objective applicable to
professional auditing standard.
Reporting:The IS auditormust present the audit report to the
intended recipets.
Follow up activities: The IS auditor must request and evaluate
the previous relevant findings,conclusion and
recommendations so as to check appropriate action have
been implemented in timely manner or Not
IT Governance: It is process of controling an organization IT
resources information ,communication systems and
technology in order to achieve organization obejctives and to
manage and control IT related Risks.
10. Audit Steps
Step 1: Notification and request for preliminary
information
Step 2: Planning
Step 3: Open Meeting
Step 4: FieldWork
Step 5: Communication
Step 6: Draft report
Step 7: Management responses
Step 8: Closing meeting
Step 9: Report Distribution
Step 10:Follow Up:IS auditor have follow up programs to
determine if agreed correctives actions have been
implemented.
11. IS Audit Phases
Audit the Subject:
Identify the area to be audited
Audit the Objective:
identify the specific systems and function of the
organization
Plan the Pre Audit:
identify the technical skills,required resources and sources of
information for test and review and Identify locations and
facilities to be audited.
Process for data Gathering:
Identify the appropriate audit approach,Identify the list of
individual to interview,identify and review the department
policies,standard and guidelines and develop audit tools and
methodology
12. Evaluate the test and review the result
Procedures for Cummunication:
IS auditors should communicate theresults to the
senior management and to the audit committee of
the board of directors.
Audit the report preparation:
Identify follow up review,
identify procedure to test operational efficiency and
effectiveness and controls review and evaluate the
soundness of documents,polocies and procedures
13. Audit Risk
Audit Risk is a material error in the IS report that may
remain undetected during the audit.
IT risks is a case where IS will not achieve the
business Objective and responding to threat to the
provision of IT services.
A RISK based audit approach is used to assist an IS
auditor decision to perform either compliance or
substantive testing.
14. The variou components of risk include
1.Inherent risk: It is associaoted with the unique
characteristics of the business of the client.
2.Control risk: It is the risk that is not prevented or
detected on a timely basis by the system of
internal controls
3.Detection risk: The risk arises when IS auditors
uses as inadequate test procedure and concludes
that errors do not exist but they do exist.
4.Overall audit risk: It is the combination of
inherent,control and detection risk.Its Objective
is to limit the audit risk at low level and is to
access and control the risk to achieve the desired
level of assurance.
15. Disadvantages
Reviewing operational processes can be very time consuming
and costly.
When employees and managers are working with the auditor,
they can't do other activities that might benefit the business,
so projects or production might slow temporarily. Sometimes,
the changes that a business makes are hard for workers to get
used to, which can increase conflicts or confusion.
Advantages
In addition to making the business more efficient and
profitable in the long run, an operational audit almost always
provides a company with some new, fresh perspectives.
It makes executives aware of problems that might not have
been found otherwise and lets them evaluate risks for the
future. Managers also can use results to motivate employees,
as the company always has something to work toward at the
end of the process.