Overview. Understand the concepts of Audit. Understand the need for Controls and internal controls. Understand and apply the principles of audit


Audit Chapter 18

Overview: Understand the concepts of audit. Understand the need for controls and internal controls. Understand and apply the principles of audit.

IT Audit: IT auditing is the evaluation of information systems, practices, and operations to assure the integrity of an entity's information. Such evaluation can include assessment of the efficiency, effectiveness, and economy of computer-based practices, with the computer as an audit tool.

IT Audit: IT auditing is a profession with conduct, aims, and qualities that are characterized by worldwide technical standards, an ethical set of rules (ISACA Code of Ethics), and a professional certification program (Certified Information Systems Auditor, CISA). It is an integral part of the audit function because it supports the auditor's judgment on the quality of the information processed by computer systems.

IT Audit: Companies require systems, structures, and processes to operate globally. A system represents a set of dependent elements forming a single unitary entity. It can be defined by the following elements: inputs, outputs, transformation process, system structure, and its state. A process is nothing more than a structured set of activities and decisions to do a certain job.

Risks: Risks associated with automated applications include: weak security; unauthorized access to data; unauthorized remote access; inaccurate information; erroneous or falsified data input; misuse by authorized end users.

Risks: Risks associated with automated applications include: incomplete processing; duplicate transactions; untimely processing; communications system failure; inadequate training; inadequate support.

System Planners: System planners must ensure that provisions are made for: an adequate audit trail so that transactions can be traced forward and backward through the system; ensuring that technology provided by different vendors is compatible and controlled; adequately designed and controlled databases to ensure that common definitions of data are used throughout the organization, that redundancy is eliminated or controlled, and that data existing in multiple databases is updated concurrently.

System Planners: System planners must ensure that provisions are made for: handling exceptions to, and rejections from, the computer system; unit and integrated testing, with controls in place to determine whether the systems perform as planned and meet the business objectives; controls over changes to the computer system to determine whether the proper authorization has been given and documented; adequate controls between interconnected computer systems.

System Planners: System planners must ensure that provisions are made for: adequate security procedures to protect the data and availability of data on demand; authorization procedures for system overrides and documentation of those processes; determining whether organization and government policies and procedures are adhered to in system implementation; backup and recovery procedures for the operation of the system and subsystems with assurance of business continuity.

Audit: An audit is the process through which competent and independent persons collect and evaluate evidence to support an opinion on the degree of correspondence between observed events or things and pre-established criteria.

Audit: Auditing is defined as a systematic process of objectively obtaining and evaluating evidence regarding the current condition of an entity, area, process, financial account, or control, comparing it to predetermined, accepted criteria, and communicating the results to the intended users.

Audit - Types: The various types of audits include the following. A quality system audit measures an organization's capability to meet the quality requirements. Management audits are carried out to validate that the business strategic plan reflects the business objectives. A process audit verifies the validity of a process to deliver the expected output.

Audit - Types: The various types of audits include the following. System audits are carried out to ensure that a business management system is sufficiently comprehensive to control all of the activities within that business. Procedural audits verify the documented practices and their completeness to ensure that approved policies are implemented and are capable of controlling the organisation's operations.

ISO 9001:2000: ISO 9001:2000 defines audits to be of three types. First-party audits are audits of an organization, or parts of an organization, by personnel employed by that organization. These audits are usually referred to as internal audits. Members of a business evaluate their own processes against established criteria with respect to their organization.

ISO 9001:2000: ISO 9001:2000 defines audits to be of three types. Second-party audits are carried out by customers upon their suppliers and are completed by an organization independent of the organization being audited. These audits are usually referred to as external audits or vendor audits.

ISO 9001:2000: ISO 9001:2000 defines audits to be of three types. Third-party audits are carried out by personnel who are connected to neither the customer nor the supplier. They are usually employees of certification bodies or registrars such as BSI.

Computer-Based Audit: Computer-based auditing has traditionally been considered from two perspectives. A systems-based approach can be used to test the application controls to determine if the system is performing as intended. A data-based approach focuses on the data and is commonly called transaction- or data-based auditing.

IT Audit: IT audit is the process of collecting and evaluating evidence to determine whether an information system has been designed to maintain data integrity, safeguard assets, allow organizational goals to be achieved effectively, and use resources efficiently. It analyzes the systems and the networks with a view to measuring the efficiency of technical and procedural controls in order to minimize the risks.

IT Audit: An IT audit entails the systematic examination of the information resources, information use, information flows, and the management of these in an organization. It is an important element in the process of feedback. It is an instrument of evaluation and provides information that can be used to plan and implement corrective actions.

Audit Team: Two components are necessary for an audit to be successful. The first is an auditor with the right skills, education, and experience. The second is the audit process itself. A group of auditors will form an audit team.

Audit Team: Audit teams are composed with consideration to the type, content, and extent of the audit to be conducted. An audit team consists of employees, one of whom has to act as audit lead. The audit lead should be nominated early.

Audit Team: The audit manager is responsible for selecting the audit teams. When selecting the audit team members, consideration should be given to audit content, cultural group, and linguistic requirements, as well as personal aspects.

Audit Documentation: Audit documentation is the written record that supports the auditor's representations and conclusions. It serves as a basis for review and is used to plan and perform the engagement. It includes records of planning and performing the work, as well as a record of the procedures performed and evidence obtained.

Audit Schedule: Audit departments create annual audit schedules to gain agreement from the board on audit areas, communicate the audit areas with the functional departments, and create a project/resource plan for the year. The schedule should be linked to current business objectives and risks based on their relative cost in terms of potential loss of goodwill, etc.

Audit Plan: Planning covers both administration of the audit office and administration of the audit assignment. For successful audits, we need to know what we want to achieve (audit objectives), determine what procedures we should follow (audit methodology), and assign qualified staff to the audit (resource allocation).

Audit Preparation: Audit preparation is composed of all the work that is involved in initiating an audit. The functions include audit selection, definition of audit scope, initial contacts and communication with auditees, and audit team selection. The audit scope should clearly state the process areas, controls, geographic or functional area, time period, and other specifics to delineate the area to be reviewed.

Audit Procedures: Audit procedures are the activities that the auditor performs to obtain sufficient, competent evidence to ensure a reasonable basis for the audit opinion. Firstly, they are detective control mechanisms by which auditors identify and investigate variances or deviations from predetermined standards.

Audit Procedures: Secondly, audit procedures are used as preventive control mechanisms, because the expectation of an audit should deter individuals from engaging in fraudulent financial reporting or making careless errors.

Internal Audit: The internal audit function is a control function within a company or organization. The primary purpose of the internal audit function is to assure that management-authorized controls are being applied effectively. Internal audit is part of the internal monitoring system of an organization.

Audit Findings: Audit findings should be formally documented and include the process area audited, the objective of the process, the control objective, the results of the test of that control, and a recommendation in the case of a control deficiency. The audit findings form serves the purpose of documenting both control strengths and weaknesses and can be used to review the control issue with the responsible IT manager to agree on corrective action.

Audit Reports: The formal communication issued by the audit department describing the results of the audit is called an audit report. The audit report should include the audit scope and objectives, a description of the audit subject, a narrative of the audit work activity performed, conclusions, findings, and recommendations.

Internal Controls: Internal control consists of five interrelated components, as follows: control (or operating) environment; risk assessment; control activities; information and communication; monitoring.

IT Controls: general controls; application controls; management controls. Nature of controls: preventive controls; detective analytical controls; corrective controls.

Summary: The audit function, whether internal or external, is part of the corporate environment. It is a process to objectively validate, verify, and substantiate a process, activity, function, system, subsystem, or project within a company. Auditors have a unique set of skills and abilities that allows them to evaluate varied issues and environments.