IS Audit and Internal Controls


Information Systems Audit is now an emerging field for Chartered Accountants and other auditing professionals. This presentation briefly describes the relation between Internal Controls and IS Audit. It is a basic presentation for understanding the concept of IS Audit, intended for those who are new to the field.

Please send in your valuable suggestions and comments to

IS Audit and Internal Controls

  1. IS Audit and Internal Controls. BHARATH RAO
  2. Professional, Audit, CA
     • Audit; Tax; Company Matters; Legal Compliances; Accounts
     • Statutory Audit; Internal Audit; Tax Audit (44AB, VAT etc.); Special Audits
     10/19/2013
  3. More work more pay
     • IS Audit
     • Design of Access, Process Controls
     • Implementation of ERP
     • Implementation of GRC
     • Forensic Audit
     • Legal Compliances and Frameworks for IT Governance:
         • Sarbanes-Oxley Act 2002 – Section 302 and 404
         • Companies Act 2013 – Section 134 and 143
         • ISO 27001
         • ISO 27002
         • ISO 27031
         • COBIT 5/COSO Framework
  4. Risk Terms
  5. Internal Controls: policies framed by the management in order to have stronger and adequate control within the organization, which can be checked by the internal or statutory auditor in order to ensure that the goals and objectives are duly met.
  6. Components of Internal Controls
     • Control Environment
     • Risk Assessment
     • Information and Communication
     • Control Activities
     • Monitoring
  7. Formula of Internal Control: General Controls, IS Controls, Internal Controls
  8. IS Controls
     • Application Controls
     • IT General Controls
  9. Objective of IS Controls
     • Maintaining Confidentiality
     • Preserving Integrity
     • Ensuring Availability
  10. Applications Controls: Application software is the software that processes business transactions. The application software could be a payroll system, a retail banking system, an inventory system, a billing system or, possibly, an integrated ERP. Application controls are controls which relate to the business applications, leading to judicious use of the application, and which are enforced on the end user through the application itself.
  11. Examples of Applications
      • General Ledger
      • Fixed Assets
      • Inventory Control
      • Sales
      • Manufacturing Resource Planning (MRP)
      • Human Resources
      • And, everyone’s favorite – Payroll…
  12. Types of Application Controls
      • Input Controls: Data Checks and Validations
      • Processing Controls: Duplicate Checks, File Identifications and Validations
      • Output Controls: Update Authorization
      • Integrity Controls: Data Encryption, Input Validation
      • Management Trail: Snapshots, Time Stamps
  13. General Controls: ITGCs may also be referred to as General Computer Controls, which are defined as: controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.
  14. Areas of IT General Controls
      • Physical Access
      • Data Center
      • IS Security
      • SDLC and Change Management (CM)
      • Logical Controls
      • Backup and Recovery
      • End User Computing
  15. The IS audit
      • Checking the documentation of policies and processes
      • Reviewing logs that are generated by applications
      • Understanding the solutions that are present other than business applications, and their role
      • Testing and gathering of evidence based on sampling
          • Screenshots, photos, email conversations, scans
  16. Link: RCM – Risk control matrix
  17. Sampling: Suggested Sample Size

      | Nature of Control | Frequency of Performance | Number of Items to Test per Annual | Number of Items to Test per Quarter |
      |---|---|---|---|
      | Manual General Controls | Many times per day | 25 | 6-7 |
      | Manual General Controls | Daily | 20 | 5 |
      | Manual General Controls | Weekly | 10 | 2-3 |
      | Manual General Controls | Monthly | 3 | 1 |
      | Manual General Controls | Quarterly | 2 | 0-1 |
      | Manual General Controls | Annually | 1 | |

      Programmed General Controls: test one instance of each programmed control activity.
  18. Thank you
      • BHARATH RAO B
      • +91 96113 19421
      • /bharathraob