Planning for IT Audit Session 4.

Planning
Planning helps in:
- the direction and control of the auditor's work;
- highlighting critical areas;
- allocation of scarce audit resources towards more important areas;
- setting time frame and targets for review work;
- obtaining sufficient, reliable and relevant audit evidence and subsequently aiding the auditee in sound decision making.

Types of Planning
- Strategic plan
- Annual plan
- Micro plan / audit programme

Strategic Plan
A plan for a period of 3-5 years that addresses issues like:
- aims and long-term objectives of audit;
- audit priorities and criteria for prioritisation;
- how to re-orient audit techniques and methods to meet the changing requirements;
- human and infrastructure requirements and training needs.

Annual Plan
Translates the long-term plan into a programme of work for the ensuing year. Planning here defines the aims and objectives of each of the major audits to be undertaken during the year, given the resources available within the SAI.

Micro Plan
Operational plan for each individual audit; it spells out the details of tasks to be undertaken for each audit along with the time schedule.
- Technical Planning
- Logistical Planning
- Risk Assessment

Technical Plan
Obtain an overview of:
- the nature of auditee business and the business environment
- regulatory environment in which the auditee functions
- the size, type, nature and complexity of the IT systems
- major IT systems
- nature of risks the systems are exposed to
- critical organizational units/functions
- main types and volume of transactions processed by the systems
- extent and scope of internal audit

Logistical Plan
Involves:
- allocation of responsibilities of the IT audit team;
- planning the methodology of audit;
- deciding the scope and extent of audit coverage;
- framing budget and obtaining approvals;
- drawing up the time schedule for various tasks;
- exploring ways of obtaining audit evidence; and
- framing the reporting requirements.

Risk Assessment
Risk assessment is the responsibility of the top management and includes a systematic consideration of the business harm likely to result from a security failure, the realistic likelihood of such a failure occurring and the controls currently implemented.

Steps in Risk Analysis
1. Inventory of information systems in use in the organization.
2. Determine which of the systems impact critical functions or assets, such as money, materials, customers, decision making, and how close to real time they operate.
3. Assess what risks affect these systems and the severity of impact on the business.

Types of Risks
- Inherent risk
- Control risk
- Detection risk

Inherent Risk
Inherent risk is the susceptibility of information resources or resources controlled by the information system to material theft, destruction, disclosure, unauthorized modification, or other impairment, assuming that there are no related internal controls.

Control Risk
Control risk is the risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system.

Detection Risk
Detection risk is the risk that the IT auditor's substantive procedures will not detect an error which could be material, individually or in combination with other errors.

Introduction to Controls
Internal controls include policies, procedures, practices and organizational structures put in place to reduce risks. The extent of internal controls present would determine the risk levels of the application under audit and also the quantum of auditing to be undertaken.

Audit Planning Memo
The purpose of an audit planning memo is to:
- define the scope of IT audit;
- describe the justification for the audit approach;
- describe how the audit should progress; and
- provide a means for communicating the audit plan to other assigned audit staff.

Outline of Audit Planning Memo
- Background of the audited entity
- Objectives of the audit
- Critical areas to be examined
- Resource requirements

Audit Scope
Scope defines the boundaries of the audit. It addresses aspects like period and number of locations to be covered and the extent of substantive testing depending on risk levels and control weaknesses.

Audit Objectives
Audit objectives should take into consideration:
- management's objectives for a system;
- whether the system meets management's objectives and serves the business interests.