Please enable JavaScript.
Coggle requires JavaScript to display documents.
EVIDENCE
Conclusions of Auditor should be based on sufficient , relevant …
EVIDENCE
Conclusions of Auditor should be based on sufficient , relevant , competent evidence
-
-
-
To determine relevance of IS Auditor should focus on the OVERALL OBJECTIVE OF REVIEW and not the nature of the evidence gathered.
-
understanding of the rules of evidence is important for IS auditors because they may encounter a variety of evidence types.
-
The rules of evidence and sufficiency as well as the competency of evidence must be considered as required by audit standards.
INTERVIEWING AND OBSERVING PERSONNEL IN PERFORMANCE OFTHEIR DUTIES : observation will assist auditor in indentifying
Actual functions
observation could be an adequate test to ensure that the INDIVIDUAL WHO IS ASSIGNED AND AUTHORIZED to perform a particular function IS THE PERSON WHO IS ACTUALLY DOING THE JOB
It allows the IS auditor an opportunity to witness how policies and procedures are understood and practiced.
-
-
Security awareness
should be observed to verify an INDIVIDUAL'S UNDERSTANDING AND PRACTICES OF GOOD PREVENTIVE AND DETECTIVE SECURITY MEASURES to safeguard the company's assets and data.
This type of information could be complemented with an EXAMINATION OF PREVIOUSLY PLANNED SECURITY TRAINING.
Reporting relationships
should be observed to ensure that ASSIGNED RESPONSIBILITIES AND SEGREGATION OF DUTIES are being practiced
-
Observation drawback
Personnel, upon noticing that they are
being observed, may change their usual behavior.
Interviewing information processing personnel and management should provide adequate assurance that the staff has the required technical skills to perform the job.
-