OVERVIEW OF IS AUDITING
LEARNING OUTCOMES
Overview of IS Auditing
1. The Need for Control and Audit of IS
2. Definition and objectives of IS auditing
3. Effects of computers on traditional internal control principles
4. Auditors' evidence collection and evidence evaluation functions
5. Foundations of IS auditing
Organizations
Organizational costs of data loss
Costs of incorrect decision making
Costs of computer abuse
Value of computer hardware, software and personnel
High costs of computer error
Maintenance of privacy
Controlled evolution of computer use
Destruction of assets
Theft of assets
Modification of assets
Privacy violations
Disruption of operations
Unauthorized use of assets
Physical harm to personnel
Maintenance of Privacy
Data is collected about us: taxation, credit, medical, educational, employment, residence, spending habits
IS Auditing
IS auditing is the process of collecting and evaluating evidence to determine whether;
Organizations
Improved safeguarding of assets
Improved data integrity
Improved system effectiveness
Effectiveness Auditing
Effectiveness Metrics
Improved systems efficiency
Efficiency Metrics
Foundations of IS Auditing
IS auditing as an intersection of other disciplines.
Information Systems Auditing draws on four disciplines:
Traditional Auditing: knowledge and experience with IC techniques; control philosophy
Computer Science: technical knowledge
IS Management: understand better ways to manage system development
Behavioral Science: understand the conditions that lead to system failure due to human factors
IT Auditors' Roles
What do IT auditors do?
Ensure IT governance by assessing risks and monitoring controls over those risks
Work as either internal or external auditors
Work on many kinds of audit engagements
Collect evidence by performing tests of controls and substantive tests
Financial vs. IT Audits
IT auditors may work on financial audit engagements
IT auditors may work on every step of the financial audit engagement
Standards, such as SAS No. 94, guide the work of IT auditors on financial audit engagements
IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important
IT Audit Skills
College education: IS, computer science, accounting
Certifications: CPA, CFE, CIA, CISA, CISSP, and special technical certifications
Technical IT audit skills: specialized technologies
General personal and business skills
Professional Groups and Certifications: Alphabet Soup
ISACA: CISA, CISSP
IIA: CIA
ACFE: CFE
AICPA: CPA and CITP
Structuring an IT Audit
AICPA Standards and Guidelines: GAAS, SAS, and SSAE
IFAC Guidelines: harmonized or common international accounting standards and guidelines
ISACA standards, guidelines, and procedures: includes CobiT and audit standards
Summary
Organizations must control and audit computer-based IS because the costs of errors and irregularities are high.
The IS audit function is used to safeguard assets, maintain data integrity, and achieve systems effectiveness and efficiency.
Computer-based IS do not undermine the traditional internal control principles.
Collecting evidence on the reliability of internal control in computer-based IS involves more types of evidence and is more complex and critical.
Evaluating the reliability of controls in computer-based IS is more complex.
Many of the principles in IS auditing are similar to those of traditional auditing, computer science, management and behavioral science.