Enhancing the scope of Financial
Audit using IT Audit Techniques
Concept Paper -- Presentation
Prepared by : Muhammad Ali Gheba
Dept. of Auditor General of Pakistan
Sequence of Presentation
•
•
•
•
•
•
Background – Traditional Financial Audit.
Changing IT Environment of the Entity.
IT environment – impact on Financial Audit.
Enhancing Scope – Fraud Detection.
Defining Fraud Detection Parameters.
Conclusion
1. Back ground – Traditional Financial
Audit.
• Traditional Scope:
▫ an opinion by the auditor as to whether the
financial statements are prepared in all material
aspects in accordance with an applicable financial
reporting framework.
▫ (&) whether the financial statements are
presented fairly, in all material aspects, or give a
true and fair view, in accordance with that
framework.
1… continued
• Auditor’s focus is on “numbers”.
• Analysis & scrutiny of number data are baseline
for the auditor assurance level.
• IT environment is of secondary focus.
2. Changing IT Environment
• Business operations adopt IT approach or
modify earlier IT approach, continuously.
• Newer and more complex financial transaction
options become available to an
entity/organization.
• Global nature of the transactions make it
difficult to establish a paper trail.
3. IT Environment – Impact on
Financial Audit
• Using information technology to implement core
business activities introduces two broads
aspects:
▫ Economy, Efficiency and timeliness in the
business output.
▫ Set of new business risk areas.
3… continued
• The risk areas may further be classified into two
broad categories:
▫ Information Systems, security, maintenance and
allied protocols – based risks
▫ Data availability and credibility aspects – based
risks
• During routine Financial Audit, auditors
normally reviews data availability and credibility
risk areas, only.
3…continued
• Controls regarding the IT framework itself are
normally not focused upon.
• Weak IT environment areas can effect credibility
of the Financial Information System.
• Data may be excellent but, potentially fake.
• A change in the Financial Audit approach is thus
needed.
4. Enhancing Scope – Fraud Detection
• In an IT based Financial Environment there is a
greater risk of the auditor not identifying
material financial fraudulent activities by using
the traditional financial audit approach.
• The confidence of stakeholders in the auditors
assertions may therefore diminish with time.
4… continued
• Detecting Fraud along “defined parameters” in
an IT based Financial environment would
restore/sustain credibility of a Financial Audit
exercise.
5.Defining Fraud Detection Parameters
• It may include the following steps:
1. Defining Fraud in context of the financial
information system.
2. Defining the scope of fraud detection.
3. Identifying and creating a list of “audit
limitations” regarding fraud detection.
5… continued
4. Classifying information system areas having
direct or indirect impact on the maintenance of
financial information.
5. Classifying the types of financial transactions
and the non-IT and IT risks associated with each
type.
6. Creating a link between information systems
controls and their impact on the financial
statements.
5… continued
7. Reviewing the definition of Financial Audit to
include aspects of fraud detection in context of
defined audit limitation.
6. Conclusions
• Enhancing Financial Audit’s scope requires
extensive brainstorming and research.
• The Financial Auditor may need to go beyond
numbers.
• And it is apparent that IT Audit techniques may
have a significant role in this change of
perspective as and when it happens.