Overview of Information
Systems Auditing
Chapter 1
Need For Control and Audit of
Computers
Costs of Costs of
Incorrect Computer
Decision abuse
making
Organizational
Costs of data
loss
Value of
High costs Maintenance
Hardware, Of computer Of privacy
Software, error
personnel
Controlled
Evolution of
Computer use
Organizations
Control & audit of
Computer based IS
Information Systems Auditing Defined
Information systems
auditing
Organizations
Improved
Safeguarding
Of assets
Improved
Data integrity
Improved
System
effectiveness
Improved
System
efficiency
Effects of Computers on Internal Controls
• Separation of duties
As a basic control, separation of duties prevents or
detects errors and irregularities.
• Delegation of authority and responsibility
A clear line of authority & responsibility is an
essential control in both manual and
computer
system.
• Competent and trustworthy personnel
Substantial power is often vested in the persons
responsible for the computer based IS developed,
implemented, operated, and maintained within
organizations.
• System of authorizations
Management issues 2 type of authorizations:
general authorizations and specific
authorizations.
• Adequate documents and records
In well-designed computer systems, audit trails are
often more extensive than those maintained in
manual systems.
• Physical control over assets and records
This is critical in both manual systems and computer
systems.
• Adequate management supervision
Supervision of employees might have to be carried
out remotely.
• Independent checks on performance
Checks by an independent person help
to detect any errors or irregularities.
• Comparing recorded accountability with
assets
Data and assets that the data purports
to represent should periodically be
compared.
Effects of Computers on Auditing
• Changes to Evidence collection
• Changes to evidence Evaluation
Foundations of Information Systems
Auditing
Traditional
auditing
Information
Systems
Management
Information systems
auditing
Computer
science
Behavioral
Science