Auditing concept
-
Upload
ganesh-sharma -
Category
Presentations & Public Speaking
-
view
90 -
download
0
description
Transcript of Auditing concept
Auditing Concept
-Ganesh Sharma
Auditing evolved and grew rapidly after the industrial revolution in 18th century and in India the companies Act 1913 made audit of company compulsory.
Auditing is the process of analysing the log records so as to describe the information about the system in a clear and understandable manner.
Auditing is an independent Review and Examination of records and activities
Audit is done with the help of Vouchers Documents,Information and Explanations received from the authorities
Audit helps the management providing Suggestions to attain goal of an organization.
Defination and Meaning: Auditing is the process of collecting and Evaluating
Evidence to determine whether a Computer System Safeguards, Assets, Maintains Data Integrity, allows organizationl goals to be achieved effectively.
Auditing is a serious discipline. Auditors must be the most experienced, knowledgeable, professionally qualified individuals in a discipline.
It is conducted for proprietors only. Audit is legally compulsory for companies
Exampe of Audits are as :1.Financial Audits2.Operational Audits3.Administrative Audits4.Information System Audits5.Specialized Audits6.Integrated Audits7.Forensic Audits
Auditing Types 1.Internal Auditing It Depands on management and its function`s objective that
vary according to management requirement. It is an independent approach that is designed to improve
the organization operations and accomplish its bringing up a systematic disciplined approach to evaluate and improve the effectiveness of risk management.
2.External Auditing It is carried out by an individual independent of the company
being audited. It focusus on the interests of third party stakeholder, while
internal auditors serve as an independent apprisal function within the organization.
Information Security Audit(ISA) Need for an information systems audit function comes from two reasons Auditors realized that computers had affected their ability to
perform the attest function Both corporate and information systems management
recognized that computers were valuble resources that needed controling like any other key resources within an organization.
Other reasons Increasing level of computerization of manual functions Rapid technology development Lack of users knowledge resulting in insecure practices Viruses,worms Hackers and security threats Changing regulatory environment
Skills required in an IS Auditor Knowledge of auditing ,Information Systems And
Network security.
Investigation and process flow analysis skills
Interpersonal relation skills.
Verbal and written communication skills
Ability to make maintain confidentaility
Ability to use It desktop office tools vulnerability analysis and other IT tools.
Standard and PerformanceThe IS Auditing standard include1.Audit charter: It must state roles and responsibilities, authority and accountability of the ISA function2.Maintain Professional Independence and Organizational
relationship:- The IS auditmust be independent in all matters related to
auditing in attitude and in apperance.3.Ethics and Standard: Appropriate professional auditing standard must be used in all
aspects of IS auditor`s work.4.Planning: The IS auditor needs to plan the IS audit works to achieve the
audit objectives complying with the audit standard.
Performance of audit work:The IS audit team must be supervised so as to achieve the audit objective applicable to professional auditing standard.
Reporting:The IS auditormust present the audit report to the intended recipets.
Follow up activities: The IS auditor must request and evaluate the previous relevant findings,conclusion and recommendations so as to check appropriate action have been implemented in timely manner or Not
IT Governance: It is process of controling an organization IT resources information ,communication systems and technology in order to achieve organization obejctives and to manage and control IT related Risks.
Audit Steps Step 1: Notification and request for preliminary
information Step 2: Planning Step 3: Open Meeting Step 4: FieldWork Step 5: Communication Step 6: Draft report Step 7: Management responses Step 8: Closing meeting Step 9: Report Distribution Step 10:Follow Up:IS auditor have follow up programs to
determine if agreed correctives actions have been implemented.
IS Audit Phases Audit the Subject: Identify the area to be audited Audit the Objective: identify the specific systems and function of the
organization Plan the Pre Audit: identify the technical skills,required resources and sources of
information for test and review and Identify locations and facilities to be audited.
Process for data Gathering: Identify the appropriate audit approach,Identify the list of
individual to interview,identify and review the department policies,standard and guidelines and develop audit tools and methodology
Evaluate the test and review the result Procedures for Cummunication: IS auditors should communicate theresults to the
senior management and to the audit committee of the board of directors.
Audit the report preparation: Identify follow up review, identify procedure to test operational efficiency and
effectiveness and controls review and evaluate the soundness of documents,polocies and procedures
Audit Risk Audit Risk is a material error in the IS report that may
remain undetected during the audit.
IT risks is a case where IS will not achieve the business Objective and responding to threat to the provision of IT services.
A RISK based audit approach is used to assist an IS auditor decision to perform either compliance or substantive testing.
The variou components of risk include1.Inherent risk: It is associaoted with the unique
characteristics of the business of the client.2.Control risk: It is the risk that is not prevented or
detected on a timely basis by the system of internal controls
3.Detection risk: The risk arises when IS auditors uses as inadequate test procedure and concludes that errors do not exist but they do exist.
4.Overall audit risk: It is the combination of inherent,control and detection risk.Its Objective
is to limit the audit risk at low level and is to access and control the risk to achieve the desired level of assurance.
Disadvantages Reviewing operational processes can be very time consuming
and costly. When employees and managers are working with the auditor,
they can't do other activities that might benefit the business, so projects or production might slow temporarily. Sometimes, the changes that a business makes are hard for workers to get used to, which can increase conflicts or confusion.
Advantages In addition to making the business more efficient and
profitable in the long run, an operational audit almost always provides a company with some new, fresh perspectives.
It makes executives aware of problems that might not have been found otherwise and lets them evaluate risks for the future. Managers also can use results to motivate employees, as the company always has something to work toward at the end of the process.
Thank You