Please enable JavaScript.
Coggle requires JavaScript to display documents.
IT Audit Program & Audit Report - Coggle Diagram
IT Audit Program & Audit Report
Audit or Assurance
Assurance
number of related activities designed to provide the reader or user of the report with a level of assurance or comfort over the subject matter
Audit
formal inspection and verification to check whether a standard or set of guidelines is being followed, records are accurate, or efficiency and effectiveness targets are being met
Difference
audit is independent from operational functions, which allows audit to provide objective and unbiased opinions about the effectiveness of the internal control environment
Assurance activities
can be performed by different compliance functions while
audit activities
should be performed by audit professionals only
Audit & Assurance Programs
what?
more granular description of the work to be performed to meet the engagement objectives
objectives
Formally document audit procedures and sequential steps
Create procedures that are repeatable and easy to use by internal or external auditors who need to perform
similar audits
Document the type of testing that will be used (compliance and/or substantive)
Meet general accepted audit standards that relate to the planning phase in the audit process
skills to develop good
audit programs
Good understanding of the nature of the enterprise and its industry to identify and categorize the types of risk and threat
Good understanding of the IT space and its components and sufficient knowledge of the technologies that
affect them
Understanding of the relationship between business risk and IT risk
A basic knowledge of risk assessment practices
Understanding of the different testing procedures for evaluating IS controls and identifying the best method of
evaluation
Steps to Develop an Audit and Assurance Program
Knowledge, skills and experience needed to prepare and execute fieldwork
Physical locations or business entities that will be part of the scope
Resources needed to meet the engagement’s objective
Sources of information about business processes and supporting technologies
Inputs
Set
audit scope
Perform
preaudit planning
Define
audit objective
Determine
procedures
Determine
audit subject
Audit Methodology
what?
set of documented procedures that are designed to achieve the audit objectives
should be approved by management
include a statement of scope, objectives and audit programs
phases
Audit subject
Objective
Scope
Pre-audit planning
Audit procedures and steps for data gathering
Procedures to evaluate the test
Reporting and communication
Report preparation
Audit Process
Phases
fieldwork
reporting
planning
Audit Report
what?
issues in the standard format as prescribed by regulating standards related with auditing
issued by an auditor to enable the users of financial statements to make decision based on the results of audit
Auditor Report
written opinion of an auditor regarding an entity's financial statements
process
Audit Evidence
Misstatement
Evaluation
Opinion
Auditor’s report
modification to auditor's opinion
Unqualified opinion
auditor concludes that the financial statements are prepared in all materials respect in accordance with applicable financial reporting framework
clean opinion and issued when there is no disagreement with management or limitation of scope in the audit
Qualified opinion
auditor, either on the basis of evidence obtained or otherwise, concludes that misstatements are material but not pervasive to the financial statements
Auditor may encounter disagreement with management or limitation of scope but the effect of those is not so material and pervasive as to require an adverse opinion or disclaimer of opinion
Disclaimer of opinion
auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion and the auditor concludes that possible effects of such undetected misstatements, if any, on the financial statements could be both material and pervasive
Due to limitation of scope is so material and pervasive, auditor is not able to obtain sufficient appropriate audit evidence and accordingly is unable to express an opinion on the financial statements
Adverse opinion
when the auditor, having obtained sufficient appropriate audit evidence concludes that misstatements are both material and pervasive to the financial statements
Disagreement with management is so material and pervasive that qualification of report is not adequate to disclose the misleading or incomplete nature of the financial statements