
INFORMATION SYSTEM AUDIT CLASS

An information system (IS) audit evaluates the controls within an organization's IT infrastructure to ensure asset protection, data integrity, and operational efficiency. The audit process includes planning, risk assessment, and performance of audit work, following international standards. The primary focus is on assessing risks related to information assets and ensuring the availability, confidentiality, and integrity of the systems.

Uploaded by

tanaydhanuka41

INFORMATION SYSTEM AUDIT

An information system (IS) audit or information technology (IT) audit is an examination of the
controls within an entity's information technology infrastructure. These reviews may be performed in
conjunction with a financial statement audit, internal audit, or other form of attestation engagement. It
is the process of collecting and evaluating evidence of an organization's information systems,
practices, and operations. Evaluating the evidence obtained determines whether the organization's
information systems safeguard assets, maintain data integrity, and operate effectively and
efficiently to achieve the organization's goals or objectives.

An IS audit is not entirely similar to a financial statement audit. An evaluation of internal controls may
or may not take place in an IS audit. An IS audit tends to focus on determining risks that are relevant
to information assets, and on assessing controls in order to reduce or mitigate these risks. An IT audit
may take the form of a "general control review" or a "specific control review". Regarding the
protection of information assets, one purpose of an IS audit is to review and evaluate the
availability, confidentiality, and integrity of an organization's information systems by answering the
following questions:

1. Will the organization's computerized systems be available for the business at all times when
required? (Availability)
2. Will the information in the systems be disclosed only to authorized users? (Confidentiality)
3. Will the information provided by the system always be accurate, reliable, and timely?
(Integrity).

Information Systems Audit Methodology


The following methodology is in accordance with international information systems audit standards,
e.g. the ISACA Information Systems Audit Standards and Guidelines and the Sarbanes-Oxley COSO
Standard. The starting point of this methodology is to carry out planning activities that are geared
towards integrating a risk-based audit approach into the IS audit.

PHASE 1: Audit Planning


In this phase we plan the information system coverage to comply with the audit objectives specified
by the Client and ensure compliance with all laws and professional standards. The first step is to
obtain an Audit Charter from the Client detailing the purpose of the audit, the management
responsibility, authority and accountability of the Information Systems Audit function as follows:

PHASE 2 – Risk Assessment and Business Process Analysis

Risk is the possibility of an act or event occurring that would have an adverse effect on the
organisation and its information systems. Risk can also be the potential that a given threat will
exploit vulnerabilities of an asset or group of assets to cause loss of, or damage to, the assets. It is
ordinarily measured by a combination of effect and likelihood of occurrence.

A risk-based approach to an Information Systems Audit will enable us to develop an overall and
effective IS Audit plan which will consider all the potential weaknesses and/or absence of controls
and determine whether this could lead to a significant deficiency or material weakness.

In order to perform an effective Risk Assessment, we will need to understand the Client’s Business
Environment and Operations.

PHASE 3 – Performance of Audit Work

In the performance of audit work, the Information Systems Audit Standards require us to provide
supervision, gather audit evidence and document our audit work.

Application Control Review (Done in class from Dr. Sk. Basus’s Book)
The use of Computer Aided Audit Techniques (CAATS) in the performance of an IS Audit (Done in class from Dr. Sk. Basus’s Book)
PHASE 4: Reporting (Done in class from Dr. Sk. Basus’s Book)
