Please enable JavaScript.
Coggle requires JavaScript to display documents.
THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT PROCESS pic_mind_map…
THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT
PROCESS
The Audit Process in CIS Environment
CIS may affect the audit process on the followings: (Cont'd)
Skill and competence
Knowledge of business
3.Planning
Risk Assessment
Audit procedures
Risk Assessment
The inherent and control risks in a CIS environment may have both a pervasive and an account-specific effect on the likelihood of material misstatement:
(a) The risks may result from deficiencies in pervasive CIS activities such as program development and maintenance, systems software support, operations, physical CIS security, and control over access to special-privilege utility programs.
These deficiencies would tend to have a pervasive effect on all application systems that are processed on the computer; and
(b) The risks may increase the potential for errors or fraudulent activities in specific applications, in specific databases or master files, or in specific processing activities.
For example errors are common in systems that perform complex tasks or calculations, or that must deal with many different exception conditions.
Assess Risk
The auditor should use risk assessment techniques to identify critical vulnerabilities pertaining to the organization’s reporting, and operational and compliance requirements when developing the risk assessment review plan.
These techniques include:
• The review’s nature, timing, and extent.
• The critical business functions
supported by application controls.
• The extent of time and resources to be expended on the review.
Auditors should ask four key questions when determining
the review’s appropriate scope:
What are the biggest organization wide risks and main audit committee concerns that need to be assessed and managed while taking management views into account?
Which business processes
are impacted by these risks?
Which systems are used to
perform these processes?
Where are processes performed
When identifying risks, auditors may find it useful to employ a top-down risk assessment to determine which applications to include as part of the control review and what tests need to be performed.
