Enhancing the scope of Financial Audit using IT Audit Techniques Concept Paper -- Presentation Prepared by : Muhammad Ali Gheba Dept. of Auditor General of Pakistan Sequence of Presentation • • • • • • Background – Traditional Financial Audit. Changing IT Environment of the Entity. IT environment – impact on Financial Audit. Enhancing Scope – Fraud Detection. Defining Fraud Detection Parameters. Conclusion 1. Back ground – Traditional Financial Audit. • Traditional Scope: ▫ an opinion by the auditor as to whether the financial statements are prepared in all material aspects in accordance with an applicable financial reporting framework. ▫ (&) whether the financial statements are presented fairly, in all material aspects, or give a true and fair view, in accordance with that framework. 1… continued • Auditor’s focus is on “numbers”. • Analysis & scrutiny of number data are baseline for the auditor assurance level. • IT environment is of secondary focus. 2. Changing IT Environment • Business operations adopt IT approach or modify earlier IT approach, continuously. • Newer and more complex financial transaction options become available to an entity/organization. • Global nature of the transactions make it difficult to establish a paper trail. 3. IT Environment – Impact on Financial Audit • Using information technology to implement core business activities introduces two broads aspects: ▫ Economy, Efficiency and timeliness in the business output. ▫ Set of new business risk areas. 3… continued • The risk areas may further be classified into two broad categories: ▫ Information Systems, security, maintenance and allied protocols – based risks ▫ Data availability and credibility aspects – based risks • During routine Financial Audit, auditors normally reviews data availability and credibility risk areas, only. 3…continued • Controls regarding the IT framework itself are normally not focused upon. • Weak IT environment areas can effect credibility of the Financial Information System. • Data may be excellent but, potentially fake. • A change in the Financial Audit approach is thus needed. 4. Enhancing Scope – Fraud Detection • In an IT based Financial Environment there is a greater risk of the auditor not identifying material financial fraudulent activities by using the traditional financial audit approach. • The confidence of stakeholders in the auditors assertions may therefore diminish with time. 4… continued • Detecting Fraud along “defined parameters” in an IT based Financial environment would restore/sustain credibility of a Financial Audit exercise. 5.Defining Fraud Detection Parameters • It may include the following steps: 1. Defining Fraud in context of the financial information system. 2. Defining the scope of fraud detection. 3. Identifying and creating a list of “audit limitations” regarding fraud detection. 5… continued 4. Classifying information system areas having direct or indirect impact on the maintenance of financial information. 5. Classifying the types of financial transactions and the non-IT and IT risks associated with each type. 6. Creating a link between information systems controls and their impact on the financial statements. 5… continued 7. Reviewing the definition of Financial Audit to include aspects of fraud detection in context of defined audit limitation. 6. Conclusions • Enhancing Financial Audit’s scope requires extensive brainstorming and research. • The Financial Auditor may need to go beyond numbers. • And it is apparent that IT Audit techniques may have a significant role in this change of perspective as and when it happens.