Professional Documents
Culture Documents
in a Computerized Environment
AUDITING in a CIS
Audit planning and risk assessment in a computerized environment
require a thorough understanding of the client’s IT systems, controls,
and potential risks.
STEPS/PROCEDURES
Understanding Understanding
Identifying Key Assessing Assessing General
the Client’s IT Automated
IT Risks Internal Controls Controls
Environment Controls
Communication
Performing Data Documenting Developing an Continuous
and
Analysis Audit Procedures Audit Plan Monitoring
Collaboration
General Controls vs Specific Controls
Specific Controls – are controls that are directly related to specific IT applications or processes
within an organization.
Examples: Input Controls, Processing Controls, Output Controls
Auditors’ Response:
1. Risk Assessment
2. Testing Access Controls
3. Reviewing User Access Logs
4. Assessing Segregation of Duties
5. Recommendation for Improvement
6. Follow-up and Monitoring