Please enable JavaScript.
Coggle requires JavaScript to display documents.
THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT PROCESS pic_mind_map…
THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT
PROCESS
The Audit Process in CIS Environment
CIS may affect the audit process on the followings: (Cont'd)
Skill and competence
Knowledge of business
3.Planning
Risk Assessment
Audit procedures
Risk Assessment
(Cont'd)
The nature of of risk in CIS environment includes:
Lack of transaction trail
Audit trail may available for the short period or not in the form of computer readable form or if the transaction is too complex and high volume, errors may embedded in application’s program logic and difficult to detect on a timely basis.
Lack of segregation of duties
Many of control procedures are performed by separate individual in manual systems but may not be in CIS.
Potential for errors and irregularities.
Potential for human error and unable to detect the error may be greater in CIS. Also the potential of unauthorised access to data without visible evidence may be greater in CIS than manual system.
Initiation or execution of transaction.
CIS may have capabilities to execution transaction automatically. For example calculation of depreciation. The authorization for transaction is not available.
Lack of visible output.
Certain transaction or result may not be printed. Thus, the lack of visible output may result in the need to access data retained on files readable only by computer.
Ease of access to data and computer programs.
Data and computer programs can be accessed and altered at the computer or from the remote location. Therefore, auditor should review the appropriate control measure to prevented unauthorised access and alteration of the data.
Absence of input document.
Data may be entered into the computer without supporting documents.
Risk may result from CIS activities.
Assessment of deficiencies in activities such as program development, maintenance, operation, physical CIS security and etc
Risk due to complex application in CIS.
For example, integrated data between department within organization and with other organization. These also may increase risk and required further consideration