The Concepts of an Audit

Audit and Certification in Digital Preservation
April 14 – 16, 2004, Antwerpen

J. Pasmooij RE RA RO
Manager ICT Knowledge Center, Royal NIVRA, Amsterdam
Program Manager postgraduate IT-auditing curriculum, Erasmus University, Rotterdam

April 14, 2004, Erasmus Universiteit Rotterdam



Agenda

• The objectives of an audit
• The elements of an audit
• Examples of audits


The objective of an audit

For the responsible party, the objective of an audit is to prove compliance with legal and/or contractual terms, or with suitable criteria.


The objective of an audit

For an (intended) user, the objective of an audit is to learn more about the quality of the subject matter or its compliance with legal and/or contractual terms or suitable criteria.


The objective of an audit

For a professional auditor, the objective of an audit is to evaluate or measure a subject matter that is the responsibility of another party against identified suitable criteria, and to express a conclusion (opinion) with a level of assurance about the subject matter for the intended user.


The elements of an audit

• Kind of audit / assurance engagements
• A three party relationship
• The subject matter
• The scope of the audit
• Suitable criteria
• The audit process
• The report


Kind of audit engagements

• Attest (audit relates to a report or written assertion by the responsible party)
• Direct reporting (audit relates directly to the subject matter)
• A broad range of subject matters
• To provide high or moderate levels of assurance
• To report internally and/or externally
• Within the private or public sector


The auditor

• The auditor has to observe:
– Integrity
– Objectivity
– Independence
– Professional competence and due care
– Confidentiality
– Professional behavior
– Application of technical standards

• The auditor should be a member of a respected institute or organization with:
– quality control policies and procedures
– disciplinary rules
– a code of ethics
– auditing standards


The subject matter

May be:
• A report / a management assertion (data / information)
• A system (infrastructure / software)
• A process (organization / people / procedures)
• A strategy / policy
• Behavior


The scope of the audit

• Design (point in time)
• Design and operating (covering a period of time)
• Focussing on specific criteria (for example):
– Compliance with ……
– Integrity
– Exclusivity / Confidentiality
– Continuity / Availability
– Auditability / Controllability
– Effectiveness
– Efficiency


Suitable criteria

• Criteria are the standards / requirements used to evaluate or measure the subject matter
• Suitable criteria are context-sensitive
• Criteria are suitable when they have the following characteristics:
– Relevant
– Reliable
– Neutral objective
– Understandable
– Complete
– Generally accepted
– Unequivocal


The audit process

• Pre-audit
– Preliminary investigation
– Assignment process

• Performing the audit
– Initial investigation
– Determining the Soll-position (the required situation)
– Determining the Ist-position (collecting evidence)
– Evaluating Soll versus Ist
– Evaluating and forming an opinion

• Completion
– Reporting
– Evaluating the audit


The report

• The auditor’s report should contain a clear expression of the auditor’s opinion about a subject matter based on the identified suitable criteria and the evidence obtained in the course of the audit engagement.

• The form of conclusion to be expressed by the auditor is determined by the nature of the subject matter and the agreed objective of the engagement and is designed to meet the needs of the intended user of the report of the auditor.


The report

The auditor’s report should include:
• Title
• An addressee
• A description of the engagement and identification of the subject matter
• A statement to identify the responsible party and describe the auditor’s responsibilities
• When the report is for restricted purposes, identification of the parties concerned
• Identification of the auditing standards
• Identification of the criteria
• The auditor’s conclusion (opinion), including any reservations or denial of a conclusion
• The report date
• The name of the auditor


Examples of audits

• Financial audit
• IT-audits
• Operational audits
• Compliance
• Sarbanes Oxley
• Audits based on ISO-standards (security, digital signatures).