Audit Execution Session 5.

Slides:



Advertisements
Similar presentations
Software Quality Assurance Plan
Advertisements

Audit of Autonomous District Councils (in an IT environment using FAAM)
ITAuditing Using GAS & CAATs
Auditing Computer-Based Information Systems
Discussion on SA-500 – AUDIT EVIDENCE
Auditing Computer Systems
Auditing Computer-Based Information Systems
The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
S17: Field work. Session Objectives  To explain the manner in which field audit is carried out.  To explain the nature of evidence and the different.
IS Audit Function Knowledge
Computer Assisted Audit Techniques
Pertemuan 7-8 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.
Advanced Accounting Information Systems
The Information Systems Audit Process
Short Course on Introduction to Meteorological Instrumentation and Observations Techniques QA and QC Procedures Short Course on Introduction to Meteorological.
FPSC Safety, LLC ISO AUDIT.
Chapter 13 Auditing Information Technology
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.
AUDIT PROCEDURES. Commonly used Audit Procedures Analytical Procedures Analytical Procedures Basic Audit Approaches - Basic Audit Approaches - System.
Audit Programme. Audit Assertions  As part of the planning stage, auditors need to prepare audit tests to test the account areas.  To assist the auditors.
Auditing Computerized Information Systems
Auditing Internal Control over Financial Reporting
(SIA) 14 Internal Audit in an Information Technology Environment Standard should be read in the conjunction with the “Preface to the Standards on Internal.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
5 - 5 ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Audit Evidence Chapter 7.
S7: Audit Planning. Session Objectives To explain the need for planning To explain the need for planning To outline the essential elements of planning.
Audit Planning. Session Objectives To explain the need for planning To outline the essential elements of planning process To finalise the audit approach.
Understanding the IT environment of the entity. Session objectives Defining contours of financial accounting in an IT environment and its characteristics.
S14: Analytical Review and Audit Approaches. Session Objectives To define analytical review To define analytical review To explain commonly used analytical.
S4: Understanding the IT environment of the entity.
THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented  Small, simple systems  Weaker controls System-Oriented.
State of the Art Audit Evidence
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Nature and Type of Audit Evidence
AUDIT IN COMPUTERIZED ENVIRONMENT
 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood 13 – 1 Chapter 13 Auditing Information Technology.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.
IS 630 : Accounting Information Systems Auditing Computer-based Information Systems Lecture 10.
Audit Evidence Process
Analytical Review and Audit Approaches
1 Performance Auditing ICAS & IRAS Officers NAAA 21 Jan 2016.
Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.
S19: Documentation of fieldwork. Session Objectives ♂ In the last session, we have discussed the standards of documentation and the standard files to.
Chapter 8-1 Chapter 8 Accounting Information Systems Information Technology Auditing Dr. Hisham madi.
Chapter 3-Auditing Computer-based Information Systems.
Introduction to Compliance Auditing
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.
 Planning an audit of cost statements, records and other related documents is considered necessary to ensure achievement of audit objectives with available.
Jean-Pierre Garitte Budapest 29 March 2017
Audit Documentation.
Auditing Concepts.
Developing the Overall Audit Plan and Audit Program
AUDIT LECTURE 6 AUDIT EVIDENCE HOLY KPORTORGBI
Auditing Information Technology
SYSTEMS ANALYSIS Chapter-2.
Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at.
Auditing & Investigations I
Types of CAATs Session 3.
Internal Audit Training
How to conduct Effective Stage-1 Audit
TECHNOLOGY ASSESSMENT
AUDIT TESTS.
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
Information Technology Auditing
Jean-Pierre Garitte Skopje 8 April 2019
Tools and Techniques for the Auditor: Fieldwork
Evaluation of internal control
Presentation transcript:

Audit Execution Session 5

Audit Execution Entry conference Evidence collection and evaluation Exit conference

Entry Conference Meeting with senior management Finalise scope of work Understand the management concerns Schedule the dates Discuss audit methodology

Entry Conference (contd.) Apprise senior management of Broad objectives of audit Proposed audit plan Possible areas of concern

Evidence Collection and Evaluation Types of audit evidence Observed process and existence of physical items Documentary audit evidence (including electronic records) Analysis( including IT enabled analysis using CAATs)

Physical Evidence Obtained by observing Get auditee to confirm/accept physical evidence Visual verification of presence of water and smoke detectors Physical environment of system to be verified

Interview To obtain qualitative and quantitative evidence Interview system analysts, programmers, clerical/data entry staff , users and operations staff Understand functions and controls of systems

Planning for Interview Ensure that the information required is not readily available elsewhere Identify those personnel within an organization who can provide the best information of an interview topic Identify clearly the objectives of the interview Prepare a report as soon as possible after the interview

Used to flag areas of system weakness during evidence collection Avoid Questionnaires Used to flag areas of system weakness during evidence collection Avoid ambiguous questions leading questions presumptuous questions hypothetical questions embarrassing questions

Flowcharts Control flowcharts show that controls exist in a system and where these controls exist in the system. They have three major audit purposes: Comprehension; Evaluation; and Communication

Analytical Procedures Use of comparisons and relationships to determine whether data/account balances appear reasonable CAATs can be useful in analytical audit procedures

Tools of Evidence Collection Generalised audit software Industry specific audit software Specialised audit software Concurrent auditing tools

Generalised Audit Software Off-the-shelf software that provides the means to gain access to and manipulate data maintained on computer storage media Developed specifically to accommodate a wide variety of different hardware and software platforms Provide a number of functions such as file access, file re- organisation, selection and extraction of data, various data analysis function and reporting functions

Industry Specific Audit Software Designed to provide high level commands that invoke common audit functions needed within a particular industry They provide industry specific logic

Specialised Audit Software Software written to fulfil a specific set of audit tasks Most well developed systems have embedded audit modules, comprising routines to throw up alerts

Concurrent Auditing Tools Collecting audit evidence at the same time as an application system undertakes processing of its data Could be in the form of special audit modules embedded in application systems to collect process and print audit evidence evaluate application systems with test data used to select transactions for audit review used to trace or map the changing states of application systems

Concurrent Auditing Tools (contd.) Some of the concurrent auditing techniques are - Integrated Test Facility (ITF) Systems control audit review file and embedded audit modules (SCARF/EAM) Snapshots Audit hooks Continuous and intermittent simulation (CIS)

Audit Tests There are two types of audit tests Substantive tests Compliance tests

Substantive Testing Provides auditors with evidence about the validity and propriety of the transactions and balances

Substantive Testing (contd.) Examples of substantive testing Conducting system availability analysis Performing system storage media analysis Conducting system outage analysis Comparing computer inventory as per book vis-à-vis actual count Reconciling account balances

Compliance Testing Concerned with testing the transactions for compliance with rules and regulations of the entity and provides auditors with evidence about presence/absence of internal controls Can be used to test the existence and effectiveness of a defined process

Compliance Testing (contd.) Examples of compliance testing Determining whether passwords are changed periodically Determining whether system logs are reviewed Determining whether program changes are authorised Determining whether controls are functioning as prescribed Determining whether a disaster recovery plan was tested

Two primary methods of sampling used by IT auditors Testing of selected items within a population to obtain and evaluate evidence about some characteristic of that population, in order to form a conclusion concerning the population Two primary methods of sampling used by IT auditors Attribute sampling and Variable sampling

Sampling (contd.) Advantages of using sampling Provides a framework for obtaining sufficient audit evidence Minimizes the risk of over-auditing Facilitates more expeditious review of working papers Increases the acceptability of audit conclusions by the auditee

Evaluation of Evidence While arriving at audit conclusions, the auditor needs to benchmark the conditions to ensure that evidence is factual and discovered by the auditor; based on standards or guidelines against which the conditions are evaluated; Effect, impact and significance of variance

Audit Findings An audit finding is complete to the extent that the audit objectives are satisfied and the report clearly relates those objectives to the finding’s elements. A deficiency finding should have five elements or attributes as detailed below. Criteria (what should be) Condition (what is) Cause (why condition occurred) Effect (what is the consequence) Recommendation (what is to be done)

Significance of Audit Findings Significance of audit findings can be assessed from two aspects: the nature of the finding itself and the quality of the recommendations

Significance of Audit Findings (contd.) Two advantages of focused audit findings and recommendations quantitative aspects revenues increased, cost decreased, number of defects reduced etc. qualitative aspects citizens/client satisfaction increased, employee morale improved and compliance with laws and regulations is achieved

Exit Conference Communication and discussion of audit observations formally with management Ensures better understanding and increase buy-in of audit recommendations Gives the auditee organisation an opportunity to express their viewpoints on the issues raised Help in finalizing recommendations which are practical and feasible

Reporting and Follow up Structure of an Audit Report Introduction Audit Objectives, Scope and Methodology Audit Findings Audit Conclusions Recommendations