Auditing Computer-Based Information Systems
Describe the scope and objectives of audit work, and identify the
major steps in the audit process.
Information System
Reviews the controls of an AIS to assess compliance with:
Internal control policies and procedures and effectiveness in safeguarding assets
Operational
Economical and efficient use of resources and the accomplishment of established goals and
objectives
Compliance
Determines whether entities are complying with:
Applicable laws, regulations, policies, and procedures
Investigative
Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper
governmental activities.
Planning
Collecting Evidence
Evaluating Evidence
Questionnaires
Analytical review
Examining relationships and trends
Physical examination
Materiality
How significant is the impact of the evidence?
Reasonable Assurance
Some risk remains that the audit conclusion is incorrect.
Identify the control procedures that prevent, detect, or correct the threats.
These are all the controls that management has put into place to minimize the threats
and that auditors should review and test.
Purpose:
To review and evaluate the internal controls that protect the system
Objectives:
1. Overall information security
2. Program development and acquisition
3. Program modification
4. Computer processing
5. Source files
6. Data files
Theft
Controls:
Management and user authorization and approval, thorough testing, and
proper documentation
Reprocessing
Use of source code to re-run program and compare for discrepancies
Parallel Simulation
Auditor-created program is run and used to compare against source code
Snapshot Technique
Master files before and after update are stored for specially marked transactions
Audit Hooks
Notify auditors of questionable transactions
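The snapshot technique and audit hooks listed above, shown working together in an added Python example that is not part of the original document. The master file, transactions, field names and the review limit are constructed assumptions.

```python
from copy import deepcopy

# Constructed sample master file and transactions (not from the original page).
MASTER = {"C100": {"balance": 500.0}, "C200": {"balance": 40.0}}
TXNS = [
    {"id": 1, "acct": "C100", "amount": -120.0, "marked": True},
    {"id": 2, "acct": "C200", "amount": 25000.0, "marked": False},
    {"id": 3, "acct": "C100", "amount": 30.0, "marked": False},
]
HOOK_LIMIT = 10_000.0  # assumed threshold for a "questionable" amount


def audit_hook(txn, alerts):
    """Audit hook: record a notification for the auditor when the rule fires."""
    if abs(txn["amount"]) >= HOOK_LIMIT:
        alerts.append((txn["id"], "amount at or above review limit"))


def apply_updates(master, txns):
    """Post transactions to a copy of the master file, collecting audit evidence."""
    master = deepcopy(master)
    snapshots, alerts = [], []
    for txn in txns:
        record = master[txn["acct"]]
        before = deepcopy(record) if txn["marked"] else None
        audit_hook(txn, alerts)
        record["balance"] += txn["amount"]
        if txn["marked"]:
            # Snapshot technique: keep before and after images of the record.
            snapshots.append({"txn": txn["id"], "before": before,
                              "after": deepcopy(record)})
    return master, snapshots, alerts


def verify_snapshot(snap, txns):
    """Auditor's check: after image must equal before image plus the amount."""
    amount = next(t["amount"] for t in txns if t["id"] == snap["txn"])
    return snap["after"]["balance"] == snap["before"]["balance"] + amount


if __name__ == "__main__":
    final, snaps, alerts = apply_updates(MASTER, TXNS)
    print(final, snaps, alerts, [verify_snapshot(s, TXNS) for s in snaps])
```

Only the marked transaction produces a before/after pair, and only the transaction that trips the assumed limit produces a notification, so the auditor's evidence stays small relative to the full transaction volume.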
Integrity
Security of data