Conducting an Information Systems Audit Chapter 2.
-
Upload
ronald-johns -
Category
Documents
-
view
217 -
download
1
Transcript of Conducting an Information Systems Audit Chapter 2.
![Page 1: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/1.jpg)
Conducting an Information Conducting an Information Systems AuditSystems Audit
Chapter 2Chapter 2
![Page 2: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/2.jpg)
The Nature of ControlsThe Nature of Controls
Preventive controlPreventive controlDetective controlDetective controlCorrective controlCorrective control
Dealing with ComplexityDealing with Complexity
1.1. Given the purposes of the IS audit, factor the system to Given the purposes of the IS audit, factor the system to be evaluated into subsystems.be evaluated into subsystems.
2.2. Determine the reliability of each subsystem and the Determine the reliability of each subsystem and the implications of each subsystem’s level of reliability for implications of each subsystem’s level of reliability for the overall level of reliability in the system.the overall level of reliability in the system.
![Page 3: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/3.jpg)
Decomposition of the information systems Decomposition of the information systems functionfunction
IS Function
Applicationsubsystems
Applicationsystems
Cycles
Managementsubsystems
Managementsystems
![Page 4: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/4.jpg)
Management Subsystem :Management Subsystem :
- Top management- Top management
- IS management- IS management
- Systems development management- Systems development management
- Programming management- Programming management
- Data administration- Data administration
- Quality assurance management- Quality assurance management
- Security administration- Security administration
- Operations management- Operations management
![Page 5: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/5.jpg)
Application Subsystems :Application Subsystems :
- Boundary- Boundary
- Input- Input
- Communication- Communication
- Processing- Processing
- Database- Database
- Output- Output
Assessing Subsystem ReliabilityAssessing Subsystem Reliability
![Page 6: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/6.jpg)
Audit RisksAudit Risks
Audit risk model for the external audit Audit risk model for the external audit function :function :
DAR = IR x CR x DRDAR = IR x CR x DR
DARDAR = Desired audit risk= Desired audit risk
IRIR = inherent risk= inherent risk
CRCR = control risk= control risk
DRDR = detection risk= detection risk
![Page 7: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/7.jpg)
Types of Audit ProceduresTypes of Audit Procedures
1.1. Procedures to obtain an understanding Procedures to obtain an understanding of controlsof controls
2.2. Tests of controlsTests of controls
3.3. Substantive tests of details of Substantive tests of details of transactionstransactions
4.4. Substantive tests of details of account Substantive tests of details of account balancesbalances
5.5. Analytical review proceduresAnalytical review procedures
![Page 8: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/8.jpg)
Auditors can use similar types of procedures Auditors can use similar types of procedures if they are concerned with evaluating the if they are concerned with evaluating the effectiveness and efficiency of effectiveness and efficiency of organization’s operation :organization’s operation :
1.1. Procedures to obtain an understanding Procedures to obtain an understanding of controlsof controls
2.2. Tests of controlsTests of controls3.3. Substantive tests of details of Substantive tests of details of
transactionstransactions4.4. Substantive tests of overall resultsSubstantive tests of overall results5.5. Analytical review proceduresAnalytical review procedures
![Page 9: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/9.jpg)
Overview of Steps in an AuditOverview of Steps in an AuditPlanning The AuditPlanning The Audit
Start
Stop
ObtainUnderstanding
Of control structure
Assess controlrisk
PreliminaryAudit work
ReassessControl risk
Tests ofcontrols
LimitedSubstantive
testing
ExtendedSubstantive
testing
Form auditOpinion andIssue report
Rely onControls ?
IncreaseReliance onControls ?
StillRely on
Control ?
no
Yes
no
yes
no
yes
![Page 10: Conducting an Information Systems Audit Chapter 2.](https://reader036.fdocuments.us/reader036/viewer/2022082517/56649ec55503460f94bd09ea/html5/thumbnails/10.jpg)
Tests of controlsTests of controls
Tests of transactionsTests of transactions
Tests of balances or overall resultsTests of balances or overall results
Completion of the auditCompletion of the audit
Auditing Around or Through The ComputerAuditing Around or Through The Computer
Auditing around the computerAuditing around the computer
Auditing through the computerAuditing through the computer