Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
2Activity
0 of .
Results for:
No results containing your search query
P. 1
Illegal Acts

Illegal Acts

Ratings:

4.0

(1)
|Views: 235 |Likes:
Published by adiltsa
ILLEGAL ACTS
ILLEGAL ACTS

More info:

Categories:Types, Brochures
Published by: adiltsa on Aug 05, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

08/06/2009

pdf

text

original

 
i
Introduction—
The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits requirestandards that apply specifically to IS auditing. One of the goals of the Information Systems Audit and Control Association
(ISACA
) is toadvance globally applicable standards to meet this need. The development and dissemination of the IS Auditing Standards are acornerstone of the ISACA professional contribution to the audit community.
Objectives—The objectives of the ISACA IS Auditing Standards are to inform:
 
 
IS auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA
Codeof Professional Ethics
for IS auditors
 
Management and other interested parties of the profession’s expectations concerning the work of practitionersThe objective of the IS Auditing Procedures is to provide further information on how to comply with the IS Auditing Standards.
Scope and Authority of IS Auditing Standards—
The framework for the IS Auditing Standards provides multiple levels of guidance:
Standards
 
define mandatory requirements for IS auditing and reporting.
 
Guidelines
 
provide guidance in applying the IS Auditing Standards. The IS auditor should consider them in determining how toachieve implementation of the standards, use professional judgment in their application and be prepared to justify any departure.
Procedures
 
provide examples of procedures an IS auditor might follow in an audit engagement. Procedures should not be consideredinclusive of any proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtain the sameresults. In determining the appropriateness of any specific procedure, group of procedures or test, IS auditors should apply their ownprofessional judgment to the specific circumstances presented by the particular information systems or technology environment. Theprocedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements.The words audit and review are used interchangeably. A full glossary of terms can be found on the ISACA web site at
www.isaca.org/glossary.
Holders of the Certified Information Systems Auditor 
(CISA
®
) designation are to comply with the IS Auditing Standards adopted by ISACA.Failure to comply with these standards may result in an investigation into the
 
CISA holder’s conduct by the ISACA Board of Directors or appropriate ISACA committee and, ultimately, in disciplinary action.
Development of Standards, Guidelines and Procedures
The ISACA Standards Board is committed to wide consultation in the preparation of the IS Auditing Standards, Guidelines and Procedures.Prior to issuing any documents, the Standards Board issues exposure drafts internationally for general public comment. The StandardsBoard also seeks out those with a special expertise or interest in the topic under consideration for consultation where necessary.The following Control Objectives for Information and related Technology (C
OBI
T
) resources should be used as a source of best practiceguidance:
 
Control Objectives
—High level and detailed generic statements of minimum good control.
 
Control Practices
—Practical rationales and “how to implement” guidance for the control objectives.
 
 Audit Guidelines
—Guidance for each control area on how to: obtain an understanding, evaluate each control, assess compliance andsubstantiate the risk of controls not being met.
 
Management Guidelines
—Guidance on how to assess and improve IT process performance, using maturity models, metrics andcritical success factors.
 
Each of these is organised by IT management process, as defined in the C
OBI
T
Framework 
. C
OBI
T is intended for use by business and ITmanagement as well as IS auditors, therefore its usage enables the understanding of business objectives, and communication of bestpractices and recommendations, to be made around a commonly understood and well-respected standard reference.The Standards Board has an ongoing development programme and welcomes the input of ISACA members and other interested parties tohelp identify emerging issues requiring new standards. Any suggestions should be e-mailed (
research@isaca.org 
), faxed (+1.847.253.1443)or mailed (address provided at the end of this procedure) to ISACA International Headquarters, to the attention of the director of research,standards and academic relations.This material was issued on 1 October 2003.
INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION 2002-2003 STANDARDS BOARD
 
Chair, Claudio Cilli, CISA, CISM, Ph.D., CIA, CISSP KPMG, ItalyClaude Carter, CISA, CA Nova Scotia Auditor General’s Office, CanadaSergio Fleginsky, CISA PricewaterhouseCoopers, UruguayAlonso Hernandez, CISA, ROAC Colegio Economistas, SpainMarcelo Hector Gonzalez, CISA Central Bank of Argentina Republic, ArgentinaAndrew MacLeod, CISA, FCPA, MACS, PCP, CIA Brisbane City Council, Australia
 
Peter Niblett, CISA, CA, CIA, FCPA Day Neilson, AustraliaJohn G. Ott, CISA, CPA Aetna, Inc., USAVenkatakrishnan Vatsaraman, CISA, ACA, AICWA, CISSP Emirates Airlines, United Arab Emirates
 
IS AUDITING PROCEDURE
 
IRREGULARITIES AND ILLEGAL ACTS
DOCUMENT P7
 
 
Irregularities and Illegal Acts Procedure Page 3
 
1. BACKGROUND1.1 Linkage to ISACA Standards and Guidelines
 
1.1.1
 
Standard S3 Professional Ethics and Standards states, “The IS auditor should adhere to the ISACA Code of ProfessionalEthics in conducting audit assignments.”
1.1.2
 
Standard S3 Professional Ethics and Standards states, “The IS auditor should exercise due professional care, includingobservance of applicable professional auditing standards, in conducting the audit assignments..”
1.1.3
 
Guideline G19 Irregularities and Illegal Acts provides guidance.
1.1.4
 
Procedure P1 IS Risk Assessment Measurement provides guidance.
1.1.5
 
Guideline G15 Planning provides guidance.
1.1.6
 
Guideline G 6 Materiality Concepts for Auditing Information Systems provides guidance.
1.1.7
 
Guideline G 2Audit Evidence Requirement provides guidance.
1.2
 
Linkage to C
OBI
T
 1.2.1
 
The C
OBI
T
 
Framework 
states, "It is management's responsibility to safeguard all the assets of the enterprise. To dischargethis responsibility, as well as to achieve its expectations, management must establish an adequate system of internal control."
 
1.2.2
C
OBI
T’s
Management Guidelines
provide a management-oriented framework for continuous and proactive control self-assessment specifically focused on:
Performance measurement—How well is the IT function supporting business requirements?
IT control profiling—What IT processes are important? What are the critical success factors for control?
Awareness—What are the risks of not achieving the objectives?
Benchmarking—What do others do? How can results be measured and compared?
1.2.3
The
Management Guidelines
provide example metrics enabling assessment of IT performance in business terms. The keygoal indicators identify and measure outcomes of IT processes and the key performance indicators assess how well theprocesses are performing by measuring the enablers of the process. Maturity models and maturity attributes provide for capability assessments and benchmarking, helping management measure control capability and identify control gaps andstrategies for improvement.
1.2.4
The
Management Guidelines
can be used to support self-assessment workshops and they can also be used to support theimplementation by management of continuous monitoring and improvement procedures as part of an IT governance scheme.
1.2.5
C
OBI
T provides a detailed set of controls and control techniques for the information systems management environment.Selection of the most relevant material in C
OBI
T applicable to the scope of the particular audit is based on the choice of specific C
OBI
T IT processes and consideration of C
OBI
T’s information criteria.
 
1.2.6
 
Refer to the C
OBI
T reference located in the appendix of this document for the specific objectives or processes of C
OBI
T thatshould be considered when reviewing the area addressed by this guidance.
1.3
 
Need for Procedures1.3.1
 
Although the IS auditor has no explicit responsibility to detect or prevent irregularities, the IS auditor should assess the levelof risk that irregularities could occur. The result of the risk assessment and other procedures performed during planningshould be used to determine the nature, extent and timing of the procedures performed during the engagement. The ISauditor should use his/her professional judgment. This document is intended to assist the IS auditor in achieving this purpose.
1.3.2
 
An audit cannot guarantee that irregularities will be detected. Even when an audit is planned and performed appropriately,irregularities could go undetected.
1.3.3
 
The IS auditor may be given information about a suspected irregularity or illegal act and may use data analysis capabilities togather further information.
2.
 
DEFINITIONS2.1
 
Commonly Used Terms
 
2.1.1
Error refers to unintentional misstatements or omissions.
2.1.2
 
Irregularities are intentional violations of established management policy or regulatory requirements, deliberatemisstatements or omissions of information concerning the area under audit or the organisation as a whole, gross negligenceor unintentional illegal acts.
2.1.3
 
Illegal acts are those contrary to the prescriptions of law.
2.1.4
 
Fraud involves the use of deception to obtain unjust or illegal financial advantage.
2
.
1.5
Although there may not be a definite line between the concepts, two elements define the difference from error to fraud,wilfulness and materiality. Wilfulness may be beyond the IS auditor to determine, so materiality will generally be the definingfactor. Material errors ordinarily are corrected by an organisation when they are identified. If a material error that has beenidentified is not corrected, it becomes an irregularity, i.e., an unintentional act is converted into an intentional one.
2.1.6
For convenience in this document, use of the term irregularity will include all concepts of it.
2.2 Materiality2.2.1
Where the IS audit objective relates to systems or operations that process financial transactions, the value of the assetscontrolled by the system(s) or the value of transactions processed per day/week/month/year should be considered inassessing materiality.
2.2.2
Where financial transactions are not processed, the following are examples of measures that could be considered to assessmateriality:
Criticality of the business processes supported by the system or operation
Cost of the system or operation (hardware, software, staff, third-party services, overheads or a combination of these)

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->