4.2.1 EFFECT OF LAWS AND REGULATIONS ON IS AUDIT PLANNING
Because of the dependency on information systems and related technology, several countries are making efforts to add legal regulations concerning IS audit and assurance.
The content of these legal regulations pertains to:
• Establishment of regulatory requirements
• Responsibilities assigned to corresponding entities
• Financial, operational and IS audit functions
An IS auditor would perform the following steps to determine an organization’s level of compliance with external requirements:
• Identify those government or other relevant external requirements dealing with:
– Electronic data, personal data, copyrights, ecommerce, esignatures, etc.
– Information system practices and controls
– The manner in which computers, programs and data are stored
– The organization or the activities of information technology services
– IS audits
• Document applicable laws and regulations.
• Assess whether the management of the organization and the IT function have considered the relevant external requirements in
and in setting policies, standards and procedures, as well as business application features.
• Review internal IT department/function/activity
address adherence to laws applicable to the industry
adherence to established procedures that address these
• Determine if there are procedures in place to ensure contracts or agreements with external IT services providers reflect any legal requirements related to responsibilities.
There are two major areas of concern, which impact the audit scope and audit objectives:
• Legal requirements (i.e., laws, regulatory and contractual agreements) placed on audit or IS audit
• Legal requirements placed on the auditee and its systems, data management, reporting, etc.
is important to internal and external audit and assurance professionals.