Overview of Information Systems Auditing Chapter 1 Need For Control and Audit of Computers Costs of Costs of Incorrect Computer Decision abuse making Organizational Costs of data loss Value of High costs Maintenance Hardware, Of computer Of privacy Software, error personnel Controlled Evolution of Computer use Organizations Control & audit of Computer based IS Information Systems Auditing Defined Information systems auditing Organizations Improved Safeguarding Of assets Improved Data integrity Improved System effectiveness Improved System efficiency Effects of Computers on Internal Controls • Separation of duties As a basic control, separation of duties prevents or detects errors and irregularities. • Delegation of authority and responsibility A clear line of authority & responsibility is an essential control in both manual and computer system. • Competent and trustworthy personnel Substantial power is often vested in the persons responsible for the computer based IS developed, implemented, operated, and maintained within organizations. • System of authorizations Management issues 2 type of authorizations: general authorizations and specific authorizations. • Adequate documents and records In well-designed computer systems, audit trails are often more extensive than those maintained in manual systems. • Physical control over assets and records This is critical in both manual systems and computer systems. • Adequate management supervision Supervision of employees might have to be carried out remotely. • Independent checks on performance Checks by an independent person help to detect any errors or irregularities. • Comparing recorded accountability with assets Data and assets that the data purports to represent should periodically be compared. Effects of Computers on Auditing • Changes to Evidence collection • Changes to evidence Evaluation Foundations of Information Systems Auditing Traditional auditing Information Systems Management Information systems auditing Computer science Behavioral Science