T H E I N F O R M A T I1O N S Y S T E M S ( I S ) AUDIT BY: PRADEEP PANDEY

5/5/2012

Information system
2

It is the heart of an organization. its success is

dependent on its methodologies and its process framework. Teamed up with the right infrastructure, company who have properly planned is in place are the one who gain maximum competitive advantage.

5/5/2012

Organization of IS Audit Function

3

Audit charter (or engagement letter)

Stating managements responsibility and objectives for, and delegation of authority to, the IS audit function Outlining the overall authority, scope and responsibilities of the audit function

Approval of the audit charter

Change in the audit charter

5/5/2012

Audit Planning
4

Audit planning

Short-term planning Long-term planning Things to consider

New control issues Changing technologies Changing business processes Enhanced evaluation techniques

Individual audit planning

Understanding of overall environment

Business practices and functions Information systems and technology

5/5/2012

Audit Planning
5

Audit Planning Steps

1.

2.

3. 4. 5. 6.

7.
8.

Gain an understanding of the businesss mission, objectives, purpose and processes. Identify stated contents (policies, standards, guidelines, procedures, and organization structure) Evaluate risk assessment and privacy impact analysis Perform a risk analysis. Conduct an internal control review. Set the audit scope and audit objectives. Develop the audit approach or audit strategy. Assign personnel resources to audit and address engagement logistics.
5/5/2012

Performing an IS Audit 6
Definition of Auditing
Systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an economic entity or event for the purpose of forming an opinion about and reporting on the degree to which the assertion conforms to an identified set of standards.

5/5/2012

Performing an IS Audit 7
Definition of IS Auditing
Any audit that encompasses review and evaluation (wholly or partly) of automated information processing systems, related non-automated processes and the interfaces between them.

5/5/2012

Performing an IS Audit
8

Classification of audits:

Financial audits Operational audits Integrated audits Administrative audits Information systems audits Specialized audits Forensic audits

5/5/2012

9 Performing an IS Audit

Fraud Detection

Managements responsibility Benefits of a well-designed internal control system

Deterring
Detecting

frauds at the first instance

frauds in a timely manner

Fraud detection and disclosure Auditors role in fraud prevention and detection

5/5/2012

Performing an IS Audit

10

Audit Objectives - Specific goals of the

audit

Compliance with legal & regulatory requirements Confidentiality Integrity Reliability Availability

5/5/2012

Conclusion
11

IS auditor should assess the results of the evidence gathered for compliance with the control requirement or objective established during the planning stage. IS auditor may discover a variety of strong and weak controls. All should be considered when evaluating the overall control structure. Evaluate the totally of control by considering the strength and weakness of control procedures evaluated then determine if they are effective in meeting the control objectives established as part of the audit planning process.

5/5/2012

12

THANK U

5/5/2012