Information System Control & Audit.
Need for IS Audit
• Uncontrolled use of computers may result in:
   - Data loss
   - Incorrect decision making
   - Computer abuse
   - Loss of valuable hardware or software or personnel
   - Computer errors

Need for IS Audit Cont’d…
• Security & abuse - from inside & outside: hacking, viruses, access
   - Destruction & theft of assets
   - Modification of assets
   - Disruption of operations
   - Unauthorized use of assets
   - Physical harm
   - Privacy violations

IT / IS Auditing?
• Process of collecting and evaluating evidence to determine whether a computer system:
   - Safeguards assets
   - Maintains data integrity
   - Achieves organizational goals effectively
   - Consumes resources efficiently

Types of Audits
• Financial: More relevant to external auditor.
• Operational:
   - Compliance with laws, regulations, and/or contracts
   - Compliance with company standards, policies, and/or procedures
   - Effectiveness and efficiency of business operations
   - Typically an internal audit function

Types of Audits Cont’d…
• Information Technology (IT):
   - Information confidentiality
   - Data integrity
   - System availability
   - Compliance with laws, regulations, and/or contracts
   - Compliance with company standards, policies, and/or procedures
   - Information reliability
   - Effectiveness and efficiency of operations

Auditing Environment
• External vs. internal auditors
• External auditors are provided by public accounting firms and also exist in government. They provide increased assurance:
   - Fairness of financial statements
   - Frauds & irregularities
   - Ability to survive
• Relies on internal control structure for planning of audit

Auditing Environment Cont’d…
• Internal Auditors responsible to Board of Directors
• An internal control function
• Assist the organization in measurement & evaluation:
   - Effectiveness of internal controls
   - Achievement of organizational objectives
   - Economics & efficiency of activities
   - Compliance with laws and regulations
• Operational audits

Audit Standards
• Professional Organizations:
   - American Institute of Certified Public Accountants (AICPA)
      - Generally Accepted Auditing Standards (GAAS)
      - Statements of Auditing Standards (SAS)
   - Financial Accounting Standards Board (FASB)
      - Generally Accepted Accounting Principles (GAAP)
   - The Institute of Internal Auditors (IIA)
      - Statements on Internal Auditing Standards (SIAS)
   - Information Systems Audit & Control Association (ISACA)
      - COBIT - Control Objectives for Information Technology

Audit Standards Cont’d…
• Related Legislation
   - Privacy Act, 1974
   - Computer Fraud and Abuse Act (CFAA), 1984 & 1994
   - Computer Security Act, 1987
   - Electronic Communications Privacy Act
   - Communications Decency Act, 1995
   - Health Insurance Portability & Accountability Act (HIPAA), 1996
   - Sarbanes-Oxley Act of 2002
   - Homeland Security Act of 2002 with the Cyber Security Enhancement Act

Internal Control Framework
• Separation of duties
• Delegation of authority & responsibility
• System of authorizations
• Documentation & records
• Physical control over assets & records
• Management supervision
• Independent checks

Internal Controls Cont’d…
• Control is a system, pattern of activities:
   - Preventive
   - Detective
   - Corrective
• Overall purpose is to reduce expected losses from unlawful events.
• Auditor’s task is to determine whether controls are in place and working properly.

Effects of Computers on Auditing
• Impact on control environment
• Changes to evidence collection
• Complex evidence evaluation