Professional Documents
Culture Documents
The group will prepare their own reporting framework, but should have at least
the following:
– Objectives of the chapter should be covered
– An exercise or activity that the class can participate
– Sample company/case (Actual)
Must be in a powerpoint presentation
– Less words per slide, much better (be creative and use pictures!!)
Share the reporting framework 1 week before the actual reporting
(Wednesday or Thursday of the week before reporting day)
Group Reporting – Assignments
Group Chapters
1 Auditing IT Governance Controls (2)
2 Auditing IT Security: Operating systems and Networks (3)
3 Auditing IT Security: Database Systems (4)
4 Auditing Systems Development and Program Change
Activities (5)
5 CAATTS - Data Structure and CAATTS for Data Extraction (7)
6 Auditing the Revenue Cycle (9)
7 Auditing the Expenditure Cycle (10)
Review of the Auditing Process and
Introduction to IT Audit
Allen Leo Castro, CPA, CIA
College of Business and Government Management
Pamantasan ng Lungsod ng Maynila
Contents
What is Audit?
Audit Roadmap
Pre-Engagement Activities
Planning Activities
Internal Control Evaluation
Evidence Gathering
Reporting and Completion Activities
Focus of IT Audit
Internal
Evidence Reporting and
Pre-engagement Planning Control
Gathering Completion
Evaluation
12
Pre-Engagement Activities
Pre-engagement Activities
Independence
Am I complying with Code of Ethics and PSA?
Assessment
Professional Requirements
Skills and Competence
Assignment
Delegation
Acceptance and Retention of Clients
Consultation
Monitoring
Integrity
Professional Competence and Due Care
Confidentiality
Independence
Professional Behavior
Objectivity
Technical Knowledge
Management’s Responsibility
Inherent Limitations
Scope of Audit
Unrestricted Access
Reports
Objectives of the Audit
Timetable and Fees
Step 1: Obtain understanding of the entity and its environment, including its
internal control
Step 2: Make a Preliminary assessment of the risk of material misstatement
Step 3: Determine the procedures to perform in response to assessed risks
Step 4: Revise the Preliminary Risk Assessment, as necessary
Step 5: Finalize the Audit Strategy, audit plan and audit program
IR x CR x DR = AR (see sample)
Controls that operate at entity level and relate to all or many applications.
IT General Controls Help effective functioning of application controls by ensuring continued proper operation of IT
system.
Manual
Application Controls Automated
Physical Controls
Narrative Notes
Documentation
Questionnaires
Methods Flowcharts
Significant matters
Internal Control Memo
Audit Completion
SUD
Procedures Subsequent Events
Final Analytical Procedures
Qualfied
Unqualified
Audit Opinion Adverse
Disclaimer