11. Auditing Computer-based Information Systems Flashcards
What is auditing
Tip: objectively evaluating assertions
Auditing objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence.
How does internal auditors add value to their organization in helping to achieve the goals of the organization by conducting?
Tip: 1) financial, 2) internal control AIS, 3) operational, 4) compliance, 5) investigative
1) financial, examines the reliability and integrity of financial transaction, accounting records and financial statements.
2) information system or internal control, reviews control policies and procedures of an AIS (input, processing, output, storage)
3) operational, focus on efficient use of resources
4) compliance, laws and regulations
5) investigative, examines potential fraud, waste, abuse, misappropriation
What does external auditors emphasis?
Tip: fairness
External auditors emphasis on the fairness of financial statements while the internal auditor focus on adherence to management policies
What are the major steps in the auditing process
Tip: 1) audit planning, 2) collection, 3) evaluation, 4) communication
- Audit planning (why, how, when and who) and establish scope and objectives of the audit; identify risk
- Collection of audit evidence
- Evaluation of evidence
- Communication of the results
Describe step 1) about audit planning from the major steps in the auditing process
Tip: add classification of risk
Audit planing focus on why, how, when, who and establish scope as well objectives of the audit.
Its about identifying risk that classification as inherent risk, control risk and detection risk.
What is inherent risk
Inherent risk susceptibility to significant control problems if there is no internal control.
What is control risk
Control risk is about material misstatement will go through the internal control and into the financial statements.
What is detection risk
Detection risk is about auditors and their audit procedures that fail to detect a material error or misstatement.
Describe step 2) collection of audit evidence from the major steps in the auditing process
Collecting of audit evidence can be done through observation, reviewing documentation, interviews, discussion and questionnaires etc.
Describe step 3) evaluation of evidence from the major steps in the auditing process
Auditors conclude that the evidence support or does not support the assertion. The auditor also seeks reasonable assurance that no material error exist in the information or process audited.
When the inherent or control risk is high, the audit must obtain greater assurance to offset the greater uncertainty and risk
Describe step 4) communication of the results from the major steps in the auditing process
Is the form of a written report and often includes recommendations to;
Management, board of directors and others.
Afterwards, auditors often do a follow-up to ascertain whether recommendations were implemented
Risk-based audit provides auditor with a clearer understanding of the fraud and errors that can occur and the related risks and exposure. It is a framework for conducting internal information system audits and consist of?
Tip: 1) identify fraud, 2) identify internal control, 3) evaluate internal control, 4) determine
- identify fraud and errors (threat) that can occur that threaten each objective
- identify internal control procedures (prevent, detect, correct the threats)
- evaluate internal control procedures, review and test if they work as intended
- determine effect of internal control weaknesses
Describe operational system audit
Tip: ALL
Operational system audit encompasses all aspect of system management, and not just information system and financial statements.
