Professional Documents
Culture Documents
Chapter Six
Chapter Six
Submitted to
Mohammed Seid (Assistant Professor)
Prepared by
GROUP MEMBERS ID NO
EDEN AREGAWI CBE/PE/807/09AA
HUNYALEW TESFU CBE/PE/814/09AA
MANAYE MEKONNEN CBE/PE/817/09AA
SEBILA KIYAR CBE/PE/819/09AA
WASIHUN TEKLIE CBE/PE/823/09AA
April 2017
Chapter 6
INFORMATION
TECHNOLOGY
AUDIT AND
ASSURANCE
Objectives
Purpose of an audit and the basic
conceptual elements of the IS audit process
How auditing objectives and tests of control
are determined by the control structure of
the client firm
Types of IT audits
IT audit technologies
Auditing techniques used to verify the
effective functioning of application controls
Auditing techniques used to perform
substantive tests
Introduction
Assurance:
professional services that are designed to improve the quality
of information, both financial and non-financial, used by
decision-makers
includes, but is not limited to attestation
Attestation
an engagement in which a practitioner is engaged to issue,
or does issue, a written communication that expresses a
conclusion about the reliability of a written assertion that is
the responsibility of another party.
Auditing
• is a systematic process of objectively obtaining and evaluating
evidence regarding assertions about economic actions and
events to ascertain the degree of correspondence between the
assertions and established criteria
6.1. Information system auditing concept
Since most information systems employ information
technology, the IT audit is typically a significant
component of all external (financial) and internal
audits.
IS audits:
focus on the computer-based aspects of an
organization’s information system
assess the proper implementation, operation, and
control of computer resources
6.1. Information system auditing
concept
Function
Evaluate computer’s role in achieving audit and control
objectives
Assurance Provided
Data and information are reliable, confidential, secure, and
available
Safeguarding assets, data integrity, and operational
effectiveness
6.1. Information system auditing
concept
The IS audit function encompasses all the
components of a computer-based AIS: people,
procedures, hardware, data communications
,software, and databases.
IT governance
is a broad concept relating to the decision
rights and accountability for encouraging
desirable behavior in the use of IT.
Centralized IT Structure
Critical to segregate:
systems development from computer operations
database administrator (DBA) from other
computer service functions
○ DBA’s authorizing and systems development’s
processing
○ DBA authorizes access
maintenance from new systems development
data library from operations
Distributed IT Structure
Despite its many advantages, important IC
implications are present:
incompatible software among the various work
centers
data redundancy may result
consolidation of incompatible tasks
difficulty hiring qualified professionals
lack of standards