Matakuliah : A0214/Audit Sistem Informasi
Tahun
: 2007
Pertemuan 5-6
THE AUDIT PROCESS IN AN INFORMATION TECHNOLOGY
ENVIRONMENT
Bina Nusantara
IT AUDITING : WHAT IS IT?
• The evaluation of IS and IT by auditors has generated the term IS auditing
• IT auditing is the evaluation of IS, practices, and operations to assure the
integrity of an entity’s information.
• The computer auditor’s evaluation of systems, practices and operations may
include one or both of the following :
– Assessment of internal controls within the IT environment to assure the validity,
reliability, and security of information
– Assessment of the efficiency and effectiveness of the IT environment in economic
terms
Bina Nusantara
Planning the Audit
•
•
•
•
•
•
Bina Nusantara
Define scope
State objectives
Structure an orderly approach
Provide for measurement of achievement
Assure reasonable comprehensiveness
Provide flexibility in approach
Organizing the Audit
•
•
•
•
•
•
Bina Nusantara
Preliminary review
Application analysis
Preliminary evaluation of internal controls
Compliance testing
Final evaluation of internal controls
Substantive testing
Preliminary Review
• General data gathering
• Identifying financial application areas
• Preparing an audit plan
Bina Nusantara
Field Work and Implementing Audit Methodology
•
•
•
•
•
•
•
Bina Nusantara
Define objectives
Build a basic understanding of the area being audited
Build a detailed understanding of the area being audited
Evaluate controls, strengths, and weaknesses
Design the audit procedures
Test the critical controls, processes, and apparent exposures
Evaluate the results
Audit Tools and Techniques
•
•
•
•
•
•
•
•
Bina Nusantara
Understanding how computers process data
Identifying documents and heir flow through the system
Defining critical data
Developing audit data flow diagrams
Evaluating the quality of system documentation
Assessing controls over documents
Determining the effectiveness of processing under computer programs
Evaluating the usefulness of reports
Audit Report
• A written report will provide excellent documentation for both the positive and
negative points made and will serve as a reference for future audits and
improvements.
• The value of the audit must be assessed to assure that the findings and
recommendations have been achieved to some quantifiable degree and provide
value to the organization.
Bina Nusantara