Chapter 11- Auditing Computer- Based Information System.

Introduction

Auditing is the systematic process of obtaining and evaluating evidence regarding assertions about
economic actions and events in order to determine how well they correspond to the criteria.

The results of the audit are then communicated to interested users.

Auditing requires careful planning and the collection, review, and documentation of audit evidence.

In developing recommendations, the auditor uses established criteria, such as principles of control
described in previous chapters, as a basis for evaluation.

Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve organizational effectiveness and efficiency, including assisting in the design and
implementation of an AIS.

Internal auditing helps an organization accomplish its objectives by bringing a systematic, discipline
approach to evaluate and improve the effectiveness of risk management, control, and governance
process.

Different types of internal audits

1. A financial audit examines the reliability and integrity of financial transactions, accounting
records, and financial statements.
2. An information system, or internal control audit reviews the controls of an AIS to assess its
compliance with internal control policies and procedures and its effectiveness in safeguarding
assets. The audits usually evaluate system input and output, processing controls, backup and
recovery plans, system security, and other computer facilities.
3. An operating audit is concerned with the economical and efficient use of resources and the
accomplishments if established goals and objectives.
4. A compliance audit determines whether entities are complying with applicable laws, regulation,
policies and procedures. These audits often result in recommendations to improve process and
controls used to ensure compliance with regulations.
5. An investigative audit examines incidents of possible fraud, misappropriation of assets, waste
and abuse, or improper governmental activities.

In contrast, external auditors are responsible to corporate shareholders and are mostly concerned
with gathering the evidence needed to express an opinion on the financial statements.

They are only indirectly concerned with the effectiveness of a corporate AIS.

However, external auditors are required to evaluate how audit strategy is affected by an
organization’s use of information technology (IT). External Auditors may need a specialized skills to
determine