Premium Essay

Is Audit

In:

Submitted By arisastia
Words 1094
Pages 5
IS Audit Training
Day 1 – Introduction to IS Audit

Objective

This seminar is not about:
Hardware technology

This seminar is about:

Introducing the concepts of “IS auditing” Software technology
Specific computer application

Sharing experiences in conducting IS auditing

Detailing a certain sophisticated
IS audit techniques

Introducing practical approach to conduct IS auditing

© 2006 Veda Praxis
Control Advisory

Page 2

1

Outline
• The need for control and audit of computers
• IS auditing definition
• Foundation of IS auditing
• IS Audit Profession
• ISACA
• Certified Information System Auditor (CISA)

© 2006 Veda Praxis
Control Advisory

Page 3

The need for control and audit of computers
• Organizational costs of data loss
• Incorrect decision making
• Computer abuse
• Value of computer hardware, software and personnel
• High cost of computer error
• Privacy protection

© 2006 Veda Praxis
Control Advisory

Page 4

2

Organizational costs of data loss
• Tangible or intangible cost caused by data loss (disaster, virus, etc.)
• long-run survival
• Bankruptcy
Nike lost $100 million dollars in
February 2001 when they experienced data problems after implementing a new ordering system

© 2006 Veda Praxis
Control Advisory

Page 5

Incorrect decision making
• Data accuracy versus management level
• Impact:
• Unnecessary investigation
• Undetected error
A UK bank discovered it lost approx
£90 million due to data errors in a computer model used to evaluate investment positions

© 2006 Veda Praxis
Control Advisory

Page 6

3

Computer abuse
Threats to business include the following:


Financial loss – loss of electronic funds,



Legal repercussions – lawsuit from investor,



Loss of credibility – security violation can damage credibility,



Blackmail/industrial espionage – exploit security breach,



Disclosure of confidential , sensitive or embarassing

Similar Documents

Premium Essay

Audit

...Audit Committee Material Weaknesses in Smaller Reporting Companies December 2nd, 2010 OUTLINE: I. SUMMARY OF THE ARTICLE II. PROBLEM STATEMENT III. SUGGESTIONS FROM THE AUTHORS IV. RELEVANCE TO AUDITING ENVIRONMENT V. CONCLUSION I. Summary of the Article This report summarizes the article published by Gramling, Audrey A, Hermanson, Dana R, Hermanson, Heather M in the CPA journal of 2009. The main focus of the article is to show the importance of audit committee in auditing and analyze problems of small companies face in developing effective audit committee. The critical issue of the article is material weaknesses related to audit committee and possibility of management’s override of internal control within small companies. Before, the Sarbanes-Oxley Act, audit committees in public companies were under more pressure to understand not just a company's financial statements, but to challenge management and auditors on key accounting, internal control and compliance issues. After the financial scandals that caused firms like Enron and WorldCom to collapse, audit committees have risen from relative darkness to center stage in modern corporate world. As it’s indicated in the article, the new role, the typical audit committee is charged with many duties. Because new role of audit committee increased complexity and accountability, it's easy for directors of small public companies to feel besieged when...

Words: 1917 - Pages: 8

Premium Essay

Audit

...6-22 a. The function of the independent auditor in the audit of financial statements is expression of an opinion on the fairness with which they present, in all material respects, financial position, results of operations, and its cash flows in conformity with generally accepted accounting principles. The auditor's report is the medium through which he expresses his opinion or, if circumstances require, disclaims an opinion. In either case, he states whether his audit has been made in accordance with generally accepted auditing standards. These standards require him to state whether, in his opinion, the financial statements are presented in conformity with generally accepted accounting principles and to identify those circumstances in which such principles have not been consistently observed in the preparation of the financial statements of the current period in relation to those of the preceding period. The responsibilities of the independent auditor in the audit of financial statements are planning and performing the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reasonable, but not absolute, assurance that material misstatements are detected.   b. The responsibilities of the independent auditor for the detection of fraud is provide reasonable assurance of detecting material...

Words: 566 - Pages: 3

Premium Essay

Audit

...ILLUSTRATIVE AUDIT ENGAGEMENT LETTER (Date) Name of Auditee Address Dear ________________ We are pleased to confirm our understanding of the services we are to provide you with under this engagement. Audit Scope. USAID’s applicable scope of work that was part of your RFP will be included or referenced to. Audit Objectives. The objective of our audit is the expression of opinions as to whether your basic financial statements are fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, the objective also includes reporting on: • Internal control related to the financial statements and compliance with laws, regulations, and the provisions of contracts and grant agreements, noncompliance with which could have a material effect on the financial statements, in accordance with Government Auditing Standards. • Internal control related to major programs and an opinion (or disclaimer of opinion) on compliance with laws, regulations, and the provisions of contracts and grant agreements that could have a direct and material effect on each major program in accordance with the Single Audit Act Amendments of 1996 and OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations. Our audit will be conducted in accordance with generally accepted auditing standards established by the Auditing Standards Board (United States); the standards for financial audits contained...

Words: 2547 - Pages: 11

Premium Essay

Audit

...Section A: Audit Practice Part b (i): Why is the audit of cash important part of the audit? From an auditing standpoint, cash is an important account because cash transactions affect all other business and financial processes. Businesses acquire cash by selling goods or services, disposing of fixed assets, or acquiring debt or equity. The same businesses put their cash to use through purchasing, paying employees, and buying inventory. Audits are an important part of business. Cash audits check that money has been handled properly, and performance audits ascertain whether employees are doing their jobs properly. Corporations are likely to undergo tax audits to ensure proper tax reporting and withholding. Audits may be performed in-house by management or human resources, by a third-party consulting firm hired specifically to perform the audits or by IRS agents who are auditing company tax records. The audit of cash is considered an important part of an audit mainly due to almost all business transactions will be ultimately settled through the cash accounts, the audit of cash accounts also assists in the verification of other asset and liability accounts as well as revenue and expenses. Some of the investor relies on the accuracy of the cash account to evaluate the financial health of the company. They use current asset which include the cash account to compute several financial measures. Other than that, cash is the highly liquid asset in a company and it is an area of high...

Words: 9221 - Pages: 37

Premium Essay

Is Audit

...basic controls are omitted. An IS Auditor being a part of this exercise to ensure that the basic controls required for business exist in the re-engineered process.  The IT Security Policy: The IS Auditor due to extensive engagement with the organisation is able to say which parts of the policy are being complied with and can also offer suggestions on improving compliance and making suitable changes to the IT Policy. He can also offer guidance in those areas which may not be adequately addressed in the policy.  Security Awareness: An effective IS Audit helps increase level of security awareness and compliance with security measures among IT users. This also provides motivation to security officers and system administrators to do their job effectively.  Better Return on Investment: IS audits are not only considered for security nowadays but also performance management and value for IT investments. Therefore, an IS audit can be used for facilitating the effective and efficient use of IT for fulfilling business objectives.  Risk Management: The domain of IS Auditing is moving towards risk Management and an IS auditor is being viewed as a risk management professional particularly in the area of operational risk. Effective risk management for the enterprise is vital, therefore the...

Words: 477 - Pages: 2

Premium Essay

Audit

...Fraud Auditing and Different type of fraud Introduction Over the years, the role of auditors become increasingly important especially in a capitalist economy as the process of wealth creation and political stability depends heavily upon confidence in processes of accountability and how well the expected roles are being fulfilled. An auditor has the responsibility for the prevention, detection and reporting of fraud, other illegal acts and errors is one of the most controversial issues in auditing. The most frequently debated areas amongst auditors, politicians, media, regulators and the public is where the fraud is coming from and by whom. This disagreement has been especially tinted by the collapse of big corporations like Enron and WorldCom. The unforeseen fall of Enron and WorldCom traumatized the world as both of these companies received clean bills of health from their auditors immediately prior to their for bankruptcy. Type of fraud Fraud itself comprises a large variety of activities and includes bribery, political corruption, business and employee fraud, consumer theft; network hacking, bankruptcy and divorce fraud, and identity theft. Many find it helpful to separate between internal and external fraud. Internal fraud is usually found by internal auditors. In the Statement of Auditing Standards 99, it’s defines fraud as an intentional act that results in a material misstatement in financial statements. There are two types of fraud considered: misstatements arising...

Words: 2588 - Pages: 11

Premium Essay

Audit

...1 Session 4 Audit Planning; Materiality and the audit risk model Auditing: Principles and Methods 2 After studying this session you should be able to: 1. Discuss why adequate audit planning is essential 2. Make client acceptance decisions and perform initial audit planning 3. Gain an understanding of the client’s business and industry 4. Assess client business risk 5. Perform preliminary analytical procedures 6. Apply the concept of materiality to the audit 7. Define risk in auditing and the audit risk model Auditing: Principles and Methods 3 8. Consider the impact of engagement risk on acceptable audit risk 9. Discuss the relationship of risks to audit evidence 10. Answer the Review Questions Auditing: Principles and Methods 1. Audit Planning 4 Why is adequate audit planning essential? “The auditor must adequately plan the work and must properly supervise any assistants”. There are three main reasons why the auditor should properly plan engagements: to enable himself to obtain sufficient appropriate evidence, to keep audit cost reasonable and to avoid misunderstanding with the client. Auditing: Principles and Methods 1. Audit Planning 5 An important part of audit planning is assessing acceptable audit risk and inherent risk because it helps determine the amount of evidence that will need to be accumulated and staff assigned to the engagement. Acceptable audit risk is a measure of how willing the auditor is to accept that the FSs...

Words: 5316 - Pages: 22

Premium Essay

Audit

...Exercises, Problems and Simulations | 1. List and describe the activities auditors undertake before beginning an engagement. | 1, 2, 3, 4 | 53, 54, 55, 62, 66 | 2. Identify the procedures and sources of information auditors can use to obtain knowledge of a client’s business and industry. | 5, 6, 7, 8, 9 | 52, 56, 59, 65 | 3. Perform analytical procedures to identify potential problems. | 10, 11, 12, 13, 14, 15 | 47, 48, 49, 51, 58, 63, 64 | 4. List and discuss matters of planning auditors should consider for clients who use computers and describe how a computer can be used as an audit tool. | 16, 17, 18, 19, 20, 21, 22 | 57, 60 | 5. Review audit documentation for proper form and content. | 23, 24, 25 | 50, 61 | SOLUTIONS FOR REVIEW CHECKPOINTS 4.1 A CPA can use the following sources of information to help decide whether to accept a new audit client. Financial information prepared by the prospective client: * Annual reports to shareholders * Interim financial statements * Securities registration statements * Annual report on SEC Form 10K * Reports to regulatory agencies Inquiries directed to the prospect's business associates: * Banker * Legal counsel * Underwriter * Other persons, e.g., customers, suppliers Predecessor auditor, if any, communication, re: integrity of management, disagreements with management ...

Words: 11602 - Pages: 47

Premium Essay

Audit

...that recognizes him as a reliable body. With the growing conscious recognition of the importance of financial data in the ordering of everyday business and economic life, the need of basic economic facts is providing a constantly enlarging opportunity for the accounting profession. The auditors' reports have an especial capacity to fulfill the need for reliable and authoritative financial material not only because of the reputation or prestige of the certified statements, but also because of the significance generally attached by the business man to the functions of the auditor and his reports. These functions, and the scope of these reports, have in the past been definitely related to the character of and changes in business activity. Audits and reviews are basically procedures performed on the financial statements of a company, for the purpose of determining whether the financial statements include any material misstatements. Misstatements are essentially wrong numbers due to numerical errors, fraud, or errors in interpreting the accounting...

Words: 6792 - Pages: 28

Free Essay

Audit

...The reason for IFI or any regulatory body considering the ‘enjoining what is good and forbidding what is evil’ to be one of the basic principles of IFI Shariah Audit is due to ensures acceptance, validity and enforceability of contracts from Shariah point of view. Stating by Islamic Financial Services Board (IFSB), Shariah compliance actually is a central in assuring the integrity and credibility of the Institutions offering auditing. They state that Shariah non-compliance risk is the risk that arises from auditing failure to comply with the Shariah rules and principles determined by the relevant body in the jurisdiction in which the auditing operate. According to these standards, Shariah compliance is critical to audits’ operations and such compliance requirements must permeate throughout the organization and activities. As a majority of the auditors use Shariah-compliant auditing services as a matter of principle, the clients’ perception regarding audits’ compliance with Shariah rules and principles is of great importance to their sustainability. In this regard, Shariah compliance falls within a higher priority category in relation to other identified risks. They accordingly, require that auditing shall have in place adequate systems and controls, including Shariah Board, to ensure compliance with Shariah rules and principles. In other words, it could be said that IFI needs to be responsible for appointing people to carry out the responsibility of enjoining good, whenever...

Words: 1177 - Pages: 5

Premium Essay

Audit

...QUESTION 1 (a) The caller must in good manner, show respect to the CEO and has a talk with the CEO tell the CEO on your professional view that the sales transaction did not meet the revenue recognition criteria specified by GAAP., if they still want to make this kind of transpired transaction, company might get law sue by the bank. Caller also should not continue sign the commitment letter, because if that is a fraud, and she signed the letter, caller is liable to take responsibility about cheating the bank. (b) If the caller conceal her disagreement and continue working in the company, she might face legal liability in future. It is because she is the person who signs the commitment letter. (c) If she resigns immediately, it might affect her future career, other company will loss confident to hire her even banned. Besides that, she had signed some previous financial statement, if that found by the relevant parties, she is liable to face the legal responsibility. (d) Yes. She can refer to the MASB standard 9- Revenue, under the section 15 “sale of goods- revenue from the sale of goods should be recognized when the enterprise has transferred to the buyer the significant risks and rewards of ownership of the goods”. http://www.masb.org.my/images/stories/archive/PERS/!masb9.pdf In this case, the company recorded the revenue from sale transaction which did not occur, so she should remind the company. Question 2 Since she is the person who signs the commitment...

Words: 1432 - Pages: 6

Premium Essay

Audit

...auditors are not independence. The whole audit progress would be argued that the auditor had given the bias opinion to the client if there was no independence. Therefore, the accounting profession such as auditor and qualified accountant has faced the pressure for improving the quality of the audited reports. Jackson, Moldrich and Roebuck (2008) view the audit quality from perceived and actual quality. Actual quality shows the material errors risk level in financial statements and it can be reduced by the auditor. While perceived quality is the users confidence level in financial statements and effectiveness of the auditors in reducing the misstatement in financial statement done by management. However, there are variety of factors might affect the audit quality, but only 4 identified factors which is size of audit firm, auditor’s tenure, auditor’s experience and pricing pressure will be discussed in this paper. 2.1 Independent Variable 2.1.1 Auditor’s Tenure and Audit Quality The studies on auditor tenure cannot be separated with the auditor switching studies which formally known as auditor rotation. Auditor rotation can either is mandatory or voluntary. Voluntary rotation is the clients have option to switch auditors while mandatory rotation is pushes clients to change auditors after a fixed period (Mohamed & Habib, 2013) Previous researches had indicated that auditor’s tenure is related to the impact on audit quality. According to Geiger and Raghunandan...

Words: 3078 - Pages: 13

Premium Essay

Audit

...risk-based audit, adequate planning is of paramount importance as it allows to direct the audit effort towards the areas expected to be most at risk of material misstatement. Additionally, adequate planning helps identify and resolve problems on a timely basis and allows the auditor to organize the engagement, including selecting suitably experienced team members to deal with specific risks, so that it can be performed in an effective and efficient manner. ISA 300 in particular requires setting out an overall audit strategy and a detailed audit plan. The overall audit strategy should indicate the scope of the work, the resources to be allocated to specific high-risk areas in terms of experienced staff or hours and the timing of the work. A more detailed audit plan follows on from the approach identified in the audit strategy and indicates the audit procedures to be performed in respect of specific items in the financial statements and their timing. The audit strategy and the audit plan are not necessarily separate documents or processes as they are strictly interrelated. For example the results of initial risk assessment procedures, like the entity’s business risk assessment or the assessment of internal control, will inform the planning for further audit procedures and, vice versa, the outcome of detailed audit procedures may be so different from what expected at the time of planning to require a modification of the audit strategy and audit plan. As such, the audit strategy and...

Words: 5723 - Pages: 23

Premium Essay

Audit

...Executive summary Table of content (a) Explain the audit risk and each component of the audit risk model and how the audit risk works Audit risk is the auditor might give an incorrect or inappropriate opinion the financial statements. (Taylor, 2008). The audit risk model expresses the relationship among the audit risk components as follows: PDR = AAR IR x CR PDR = planned detection risk AAR = acceptable audit risk IR= inherent risk CR= control risk The four risks in the audit risk model are appropriately important to valuable detailed discussion. All four risks are discussed briefly in this section o provide an overview of the risks. Planned detection risk (PDR) is a measure of that audit evidence for a segment will fail to detect misstatements exceeding an acceptable amount, should such misstatements exists. (James, 2001) PDR is a function of the effectiveness of an audit test and of its application by the auditor. Decreases in PDR will require the auditor to increase the competence and sufficiency of audit evidence collected. (Taylor, 2008). Inherent risk (IR) represents the auditor’s assessment of the susceptibility of an assertion to a material misstatement assuming there are no related internal controls. (Boynton, 2001). If the auditor concludes that there is a high likelihood of misstatements, ignoring internal control, the auditor would conclude that inherent...

Words: 687 - Pages: 3

Premium Essay

Audit

...that recognizes him as a reliable body. With the growing conscious recognition of the importance of financial data in the ordering of everyday business and economic life, the need of basic economic facts is providing a constantly enlarging opportunity for the accounting profession. The auditors' reports have an especial capacity to fulfill the need for reliable and authoritative financial material not only because of the reputation or prestige of the certified statements, but also because of the significance generally attached by the business man to the functions of the auditor and his reports. These functions, and the scope of these reports, have in the past been definitely related to the character of and changes in business activity. Audits and reviews are basically procedures performed on the financial statements of a company, for the purpose of determining whether the financial statements include any material misstatements. Misstatements are essentially wrong numbers due to numerical errors, fraud, or errors in interpreting the accounting...

Words: 6792 - Pages: 28