Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Audit Evidence Process

advertisement 
Audit Evidence Process
Audit Evidence Process
•
•
•
•
•
Evidence
Evidence gathering techniques
Compliance vs substantive testing
Sampling
Computer Assisted Audit Techniques
(CAATS)
• Analysis
• Review
Evidence
• Independence of the provider of the
evidence
• Qualifications of the individual providing
the information/evidence
• Objective of the evidence
• Timing of the evidence
Evidence Gathering Techniques
• Review information system organization
structures
• Reviewing IS Policies and procedures
• Reviewing information system standards
Evidence Gathering Techniques
• Reviewing information system documentations
– System development initiating document (eg.
Feasibility study)
– Functional requirements and design specifications
– Test plans and reports
– Program and operations documents
– Program change logs and histories
– User manuals
– Operations manuals
– Security related documents
– Quality assurance reports
Evidence Gathering Techniques
• Interviewing appropriate personnel
• Observing processes and employee
performance
Sampling
• Audit samples
– Approaches
• Statistical sampling
• Non statistical sampling
– IS auditor should design and select an audit sample
– Perform audit procedures
– Evaluate sample results
•
•
•
•
Sufficient
Reliable
Relevant
Useful audit evidence
Sampling
• Method
– Attribute sampling
• Attribute sampling
• Stop or go sampling
• Discovery sampling
– Variable sampling
• Stratified mean per unit
• Unstratified mean per unit
• Difference estimation
Sampling
• Key steps
– Determining the objectives of the test
– Defining the population to be sampled
– Determining the sampling method, such as
attribute vs variable sampling
– Calculation the sample size
– Selecting the sample
– Evaluating the sample from an audit
perspective
Compliance vs Substantive Testing
• Compliance
– If controls are being applied in a manner that
complies with management policies and procedures
– To provide IS auditor with reasonable assurance that
the particular on which the IS auditor plans to rely is
operating as the IS auditor perceived in the
preliminary evaluation
– Can be used to test the existence and effectiveness
of a defined process, which may include a trail of
documentary and/or automated evidence
Compliance vs Substantive Testing
• Substantive
– Substantiates the integrity of actual
processing
– Provides evidence of the validity and integrity
of the balances in the financial statements
and the transactions that support these
balances
– To test for monetary errors directly affecting
financial statement balances
Computer Assisted Audit
Techniques (CAATS)
•
•
•
•
•
Types of tools and techniques
Generalized audit software (GAS)
Utility software
Test data
Expert System
Documentation
• Minimum Record
– The planning and preparation of the audit scope and
objectives
– The information systems environment
– The audit program
– The audit steps performed and audit evidence
gathered
– The audit findings, conclusions and
recommendations
– Any report issued as a result of audit work
– Supervisory review comments if any
Documentation
• Audit Documentations (G8)
– Background
• Linkage to Standards
• Need for Guideline
– Planning
• Documentation Contents
• Documentation Custody, Retention, and Retrieval
Related documents
Marketing Plan Rubric
Marketing Plan Rubric
auditing information technology using computer
auditing information technology using computer
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Quality Management Homework Exam 01.2015 - questions
Quality Management Homework Exam 01.2015 - questions
Turning untidy data into a target rich environment
Turning untidy data into a target rich environment
AUDITING PRINCIPLES
AUDITING PRINCIPLES
Download
advertisement