Auditing Concept

-Ganesh Sharma

Auditing evolved and grew rapidly after the industrial revolution in 18th century and in India the companies Act 1913 made audit of company compulsory.

Auditing is the process of analysing the log records so as to describe the information about the system in a clear and understandable manner.

Auditing is an independent Review and Examination of records and activities

Audit is done with the help of Vouchers Documents,Information and Explanations received from the authorities

Audit helps the management providing Suggestions to attain goal of an organization.

Defination and Meaning: Auditing is the process of collecting and Evaluating

Evidence to determine whether a Computer System Safeguards, Assets, Maintains Data Integrity, allows organizationl goals to be achieved effectively.

Auditing is a serious discipline. Auditors must be the most experienced, knowledgeable, professionally qualified individuals in a discipline.

It is conducted for proprietors only. Audit is legally compulsory for companies

Exampe of Audits are as :1.Financial Audits2.Operational Audits3.Administrative Audits4.Information System Audits5.Specialized Audits6.Integrated Audits7.Forensic Audits

Auditing Types 1.Internal Auditing It Depands on management and its function`s objective that

vary according to management requirement. It is an independent approach that is designed to improve

the organization operations and accomplish its bringing up a systematic disciplined approach to evaluate and improve the effectiveness of risk management.

2.External Auditing It is carried out by an individual independent of the company

being audited. It focusus on the interests of third party stakeholder, while

internal auditors serve as an independent apprisal function within the organization.

Information Security Audit(ISA) Need for an information systems audit function comes from two reasons Auditors realized that computers had affected their ability to

perform the attest function Both corporate and information systems management

recognized that computers were valuble resources that needed controling like any other key resources within an organization.

Other reasons Increasing level of computerization of manual functions Rapid technology development Lack of users knowledge resulting in insecure practices Viruses,worms Hackers and security threats Changing regulatory environment

Skills required in an IS Auditor Knowledge of auditing ,Information Systems And

Network security.

Investigation and process flow analysis skills

Interpersonal relation skills.

Verbal and written communication skills

Ability to make maintain confidentaility

Ability to use It desktop office tools vulnerability analysis and other IT tools.

Standard and PerformanceThe IS Auditing standard include1.Audit charter: It must state roles and responsibilities, authority and accountability of the ISA function2.Maintain Professional Independence and Organizational

relationship:- The IS auditmust be independent in all matters related to

auditing in attitude and in apperance.3.Ethics and Standard: Appropriate professional auditing standard must be used in all

aspects of IS auditor`s work.4.Planning: The IS auditor needs to plan the IS audit works to achieve the

audit objectives complying with the audit standard.

Performance of audit work:The IS audit team must be supervised so as to achieve the audit objective applicable to professional auditing standard.

Reporting:The IS auditormust present the audit report to the intended recipets.

Follow up activities: The IS auditor must request and evaluate the previous relevant findings,conclusion and recommendations so as to check appropriate action have been implemented in timely manner or Not

IT Governance: It is process of controling an organization IT resources information ,communication systems and technology in order to achieve organization obejctives and to manage and control IT related Risks.

Audit Steps Step 1: Notification and request for preliminary

information Step 2: Planning Step 3: Open Meeting Step 4: FieldWork Step 5: Communication Step 6: Draft report Step 7: Management responses Step 8: Closing meeting Step 9: Report Distribution Step 10:Follow Up:IS auditor have follow up programs to

determine if agreed correctives actions have been implemented.

IS Audit Phases Audit the Subject: Identify the area to be audited Audit the Objective: identify the specific systems and function of the

organization Plan the Pre Audit: identify the technical skills,required resources and sources of

information for test and review and Identify locations and facilities to be audited.

Process for data Gathering: Identify the appropriate audit approach,Identify the list of

individual to interview,identify and review the department policies,standard and guidelines and develop audit tools and methodology

Evaluate the test and review the result Procedures for Cummunication: IS auditors should communicate theresults to the

senior management and to the audit committee of the board of directors.

Audit the report preparation: Identify follow up review, identify procedure to test operational efficiency and

effectiveness and controls review and evaluate the soundness of documents,polocies and procedures

Audit Risk Audit Risk is a material error in the IS report that may

remain undetected during the audit.

IT risks is a case where IS will not achieve the business Objective and responding to threat to the provision of IT services.

A RISK based audit approach is used to assist an IS auditor decision to perform either compliance or substantive testing.

The variou components of risk include1.Inherent risk: It is associaoted with the unique

characteristics of the business of the client.2.Control risk: It is the risk that is not prevented or

detected on a timely basis by the system of internal controls

3.Detection risk: The risk arises when IS auditors uses as inadequate test procedure and concludes that errors do not exist but they do exist.

4.Overall audit risk: It is the combination of inherent,control and detection risk.Its Objective

is to limit the audit risk at low level and is to access and control the risk to achieve the desired level of assurance.

Disadvantages Reviewing operational processes can be very time consuming

and costly. When employees and managers are working with the auditor,

they can't do other activities that might benefit the business, so projects or production might slow temporarily. Sometimes, the changes that a business makes are hard for workers to get used to, which can increase conflicts or confusion.

Advantages In addition to making the business more efficient and

profitable in the long run, an operational audit almost always provides a company with some new, fresh perspectives.

It makes executives aware of problems that might not have been found otherwise and lets them evaluate risks for the future. Managers also can use results to motivate employees, as the company always has something to work toward at the end of the process.

Thank You