Академический Документы
Профессиональный Документы
Культура Документы
IS AUDIT RESOURCE
MANAGEMENT
AUDIT CHARTER
AUDIT PLANNING
AUDIT PLANNING
Audit
planning
Short-term planning
Long-term planning
Things to consider
1.
2.
Individual
3.
4.
5.
audit planning
6.
7.
ISACA IS AUDITING
STANDARDS AND GUIDELINES
IS Auditing Standards
1. Audit charter
7. Reporting
2. Independence
8. Follow-up activities
4. Competence
10.IT governance
5. Planning
6. Performance of audit
audit planning
work
9
10
INTERNAL CONTROL
INTERNAL CONTROL
Internal Controls
Operational controls
- Directed at the day-to-day operations, functions and activities to
ensure that the operation is meeting the business objectives
11
Administrative controls
- Concerned with operational efficiency in a functional area and
adherence to management policies including operational controls.
These can be described as supporting the operational controls
specifically concerned with operating efficiency and adherence to
organizational policy.
12
INTERNAL CONTROL
INTERNAL CONTROL
INTERNAL CONTROL
14
INTERNAL CONTROL
Safeguarding assets
16
INTERNAL CONTROL
INTERNAL CONTROL
17
INTERNAL CONTROL
18
Internal Control
(Contd)
20
PERFORMING AN IS AUDIT
Classification of audits:
Financial audits
assess the correctness of an organizations financial
statements. A financial audit will often involve
detailed, substantive testing. This kind of audit
relates to information integrity and reliability.
Operational audits
Integrated audits
Administrative audits
assess issues related to the efficiency of operational
productivity within an organization.
Specialized audits
Forensic audits
21
PERFORMING AN IS AUDIT
PERFORMING AN IS AUDIT
Audit Programs
22
23
24
PERFORMING AN IS
AUDIT
PERFORMING AN IS AUDIT
Audit Methodology
25
PERFORMING AN IS AUDIT
Typical audit phases
1. Audit subject
Identify the area to be audited
2. Audit objective
Identify the purpose of the audit
3. Audit scope
Identify the specific systems, function or unit of the
27
organization
26
PERFORMING AN IS AUDIT
Typical audit phases (Contd)
4. Pre-audit planning
Identify technical skills and resources needed
Identify the sources of information for test or
review
Identify locations or facilities to be audited
28
PERFORMING AN IS AUDIT
PERFORMING AN IS AUDIT
Typical audit phases (Contd)
6. Procedures for evaluating test/review result
29
30
PERFORMING AN IS
AUDIT
PERFORMING AN IS
AUDIT
Audit programs
Audit activities
Audit tests
Must be
Dated
Initialized
Page-numbered
Relevant
Complete
Clear
Properly labeled
Filed and kept in custody
Workpapers (Contd)
31
32
PERFORMING AN IS
AUDIT
PERFORMING AN IS AUDIT
Fraud
Detection
AN
IS AUDIT
34
Detection risk
Control risk
PERFORMING AN IS
AUDIT
Audit Risks
Inherent risk
PERFORMING
Audit Risk
35
36
RISK ASSESSMENT
PERFORMING AN IS
AUDIT
Materiality
An auditing concept regarding the importance of an
item of information with regard to its impact or
effect on the functioning of the entity being audited
37
PERFORMING AN IS AUDIT
PERFORMING AN IS
AUDIT
Audit Objectives
Substantive test
Confidentiality
Integrity
Reliability
Availability
Compliance test
determines whether controls are in compliance with
management policies and procedures
audit
38
39
10
PERFORMING AN IS
AUDIT
PERFORMING AN IS
AUDIT
Evidence
It is a requirement that the auditors
conclusions must be based on sufficient,
competent evidence.
41
PERFORMING AN IS
AUDIT
42
PERFORMING AN IS
AUDIT
Actual functions
Actual processes/procedures
Security awareness
Reporting relationships
43
Assess evidence
44
11
PERFORMING AN IS AUDIT
PERFORMING AN IS AUDIT
Exit interview
Correct facts
Realistic recommendations
Presentation techniques
Executive summary
Visual presentation
45
PERFORMING AN IS
AUDIT
PERFORMING AN IS AUDIT
46
47
Timing of follow-up
48
12
PERFORMING AN IS
AUDIT
Audit Documentation
49
13