SlideShare a Scribd company logo
1 of 39
Download to read offline
Audit presentation
Audit presentation
Audits       are    performed        to    ascertain
the validity and reliability of information; also to
provide an assessment of a system's internal
control. The goal of an audit is to express an
opinion of the person / organization / system (etc.)
in question, under evaluation based on work done
on a test basis.
The general definition of an audit is
an evaluation of a person, organization,
system, process, enterprise, project or
product. The term most commonly
refers to audits in accounting, but
similar concepts also exist in project
management, quality management,
water management, and energy
conservation.
•The role of auditor goes back many hundreds of
years. These are records from ancient Egypt and
Rome, showing that people were employed to
review work done by taxes collector and estate
managers.
•The emphasis was very much on the detection of
fraud and other irregularities.
•Emphasis has changed and the role of the auditor
becomes much more sophisticated.
Audits can be categorized in to two types:

   Financial audit

   Non financial audit
   Financial audit:
    Address questions of accounting, recording, and
    reporting of financial transactions. Reviewing the
    adequacy of internal controls also falls within the
    scope of financial audits.
   Non financial audit:
    It is non statutory one and serves two purposes
   It checks company’s compliance to standards
   It determines whether a product or service satisfy
    the customer’s demands in terms of quality and
    features.
 Statutory Audit
 Privates Audit
 Internal Audit
 Management Audit
 IT Audit
A legally required review of the accuracy of a company's or
government's financial records. The purpose of a statutory audit to
determine whether an organization is providing a fair and accurate
representation of its financial position by examining information
such as bank balances, bookkeeping records and financial
transactions
For Example,
a state law may require all municipalities to submit to an annual
statutory audit examining all accounts and financial transactions
and to make the results of the audit available to the public. The
purpose of such an audit is to hold the government accountable
for how it is spending taxpayers' money.
When the audit is not a statutory requirement , but is
  conducted at the desire of owners , such an audit is private
  audit . The audit is conducted primarily for their own
  interest. At times the private audit may become a
  requirement under tax laws , if the turnover exceeds a
  specified limit.
Private Audit is following types
   1 audit of sole proprietorship
   2 audit of partnership firms
   3 audit of individuals accounts
   4 audit institutions not covered by statutory audit
The examination, monitoring and analysis of activities
   related to a company's operation, including its business
   structure, employee behavior and information systems.
Internal audit found to play the following roles-
 Check weather existing controls are effective and
   adequate.
 Weather financial and other reports show the actual
   results of the company
 Weather subunits are following the policies and
   procedures laid down by the company.
Analysis and assessment of competencies and
capabilities of a company's management in
order to evaluate their effectiveness, especially
with regard to the strategic objectives and
policies of the business. The objective of a
management audit is not to appraise individual
executive performance, but to evaluate the
management team in relation to their
competition.
Address the internal control environment of
automated information processing systems and
how these systems are used. IS audits typically
evaluate system input, output and processing
controls, backup and recovery plans, and system
security, as well as computer facility reviews.
IA’s scope of work is comprehensive and considers
all aspects of the organization - both financial and
non-financial - with an emphasis on constructive
improvement.
   Staffing the audit team
   Creating an audit project plan
   Laying the groundwork for audit
   Analyzing audit results
   Sharing audit results
   Writing audit results
   Dealing with resistance to audit
    recommendations
   Building an ongoing audit programs.
 Companies Directors
Assurance that statutory responsibilities
concerning accounts have been carried out.
Availability of expert advise.
The letter of weakness.

 To Shareholders
Assurance that accounts show a true and fair
view and comply with statutory requirements
Other Organization with publish accounts
Assurance that accounts are reliable

 In addition they provide reliable accounts
to regulatory bodies such as the companies
Registry, the stock exchange etc.
Primary Objective:
To produce a report by the auditor of his
opinion of the truth and fairness of financial
statements so that any person reading and
using them can belief in them.

Secondary Objective:
•To detect Error and Fraud

• To prevent Errors and fraud by the deterrent
and moral effects of Audit
   Completeness
   Ownership
   Accuracy
   Valuation
   Classification
   Disclosure
   An audit can neither help in prioritizing
    changes nor in allocating resources.
   Audit cannot mobilize people to take actions.
    though audit identifies various problems that
    exist in the organizational system and
    processes
   Audit can not generate better data than the
    measures used to gather those.
Audit evidence is evidence obtained during a financial
    audit and recorded in the audit working papers.

   In the audit engagement acceptance or reappointment
    stage, audit evidence is the information that the auditor
    is to consider for the appointment. For examples,
    change in the entity control environment, inherent risk
    and nature of the entity business, and scope of audit
    work.
   In the audit planning stage, audit evidence is the
    information that the auditor is to consider for the most
    effective and efficient audit approach. For examples,
    reliability of internal control procedures, and analytical
    review systems.
   In the control testing stage, audit evidence is the information
    that the auditor is to consider for the mix of audit test of
    control and audit substantive tests.

   In the substantive testing stage, audit evidence is the
    information that the auditor is to make sure the
    appropriation of financial statement assertions. For
    examples, existence,rights and obligations, occurrence, com
    pleteness, valuation, measurement, presentation and
    disclosure of a particular transaction or account balance.

   In the conclusion and opinion formulation stage, audit
    evidence is information that the auditor is to consider
    whether the financial statements as a whole presents with
    completeness, validity, accuracy and consistency with the
    auditor's understanding of the entity.
February 14, 2007   21
   An information technology audit,
    or information systems audit, is an examination
    of the management controls within
    an Information technology (IT) infrastructure.

   The evaluation of obtained evidence determines
    if the information systems are safeguarding
    assets, maintaining data integrity, and operating
    effectively to achieve the organization's goals or
    objectives. These reviews may be performed in
    conjunction with a financial statement
    audit, internal audit, or other form of attestation
    engagement.
   IT audits are also known as "automated data
    processing (ADP) audits" and "computer
    audits". They were formerly called "electronic
    data processing (EDP) audits".
   The concept of IT auditing was formed in the
    mid-1960s. Since that time, IT auditing has
    gone through numerous changes, largely due
    to advances in technology and the
    incorporation of technology into business.
   Currently, there are many IT dependent
    companies that rely on the Information
    Technology in order to operate their business
    e.g. Telecommunication or Banking company.
   An IT audit is different from a financial statement
    audit. While a financial audit's purpose is to
    evaluate whether an organization is adhering
    to standard accounting practices, the purposes of an
    IT audit are to evaluate the system's internal control
    design and effectiveness. This includes, but is not
    limited to, efficiency and security protocols,
    development processes, and IT governance or
    oversight.
   . One of the most important role of the IT Audit is to
    audit over the critical system in order to support the
    Financial audit or to support the specific regulations
    announced e.g. SOX
  Integrated     information    technology      audit
   compliance,
 Quality assurance,

 Business continuity,

 Disaster recovery,

 IT governance,

Fraud, risk, and forensics resources for information
   technology auditors, internal auditors, application
   auditors, compliance, information security and
   forensics professionals.
The IT audit aims to evaluate the following:

   Will the organization's computer systems be available for
    the business at all times when required? (known as
    availability)
   Will the information in the systems be disclosed only to
    authorized      users?    (known     as    security    and
    confidentiality)
   Will the information provided by the system always be
    accurate, reliable, and timely? (measures the integrity)
   In this way, the audit hopes to assess the risk to the
    company's valuable asset (its information) and establish
    methods of minimizing those risks.
The audit process is generally a ten-step procedure:

    1.    Notification & Request for Preliminary Information
    2.    Planning
    3.    Opening Meeting
    4.    Fieldwork
    5.    Communication
    6.    Draft Report
    7.    Management Responses
    8.    Closing Meeting
    9.    Report Distribution
    10.   Follow-up
   Technological innovation process audit
  Innovative comparison audit

  Technological position audit

 five categories of audits:
1. Systems and Applications

2. Systems Development:

3. Management of IT and Enterprise Architecture:

4. Client/Server, Telecommunications, Intranets, and
    Extranets
5. Information Processing Facilities:
   This audit constructs a risk profile for existing
    and new projects. The audit will assess the
    length and depth of the company's experience
    in its chosen technologies, as well as its
    presence in relevant markets, the organization
    of each project, and the structure of the portion
    of the industry that deals with this project or
    product, organization and industry structure.
This audit is an analysis of the innovative abilities
  of the company being audited, in comparison
  to its competitors. This requires examination of
  company's research and development facilities,
  as well as its track record in actually producing
  new products.
Technological position audit: This audit
  reviews the technologies that the business
  currently has and that it needs to add.
  Technologies are characterized as being either
  "base", "key", "pacing" or "emerging".
Systems and Applications: An audit to verify that systems
    and applications are appropriate, are efficient, and are
  adequately controlled to ensure valid, reliable, timely, and
secure input, processing, and output at all levels of a system's
                             activity.
Information Processing Facilities: An audit to verify that the
processing facility is controlled to ensure timely, accurate, and
    efficient processing of applications under normal and
               potentially disruptive conditions.
 Systems Development: An audit to verify that the systems
 under development meet the objectives of the organization,
 and to ensure that the systems are developed in accordance
 with generally accepted standards for systems development.
                                 .
   Management of IT and Enterprise Architecture:
    An audit to verify that IT management has
    developed an organizational structure and
    procedures to ensure a controlled and efficient
    environment for information processing.
   Client/Server, Telecommunications, Intranets,
    and Extranets: An audit to verify
    that telecommunications controls are in place on
    the client (computer receiving services), server,
    and on the network connecting the clients and
    servers
   The deep dive audit involves detailed study of the IT infrastructure
    deployed - hardware, software, connectivity, power, security, MIS,
    and usability by end users. Other areas of study include identifying
    process coverage, data integrity, productivity improvements,
    reporting frequency and adequacy, training adequacy, and system
    availability.
The focal points of the IT audit are:
  Business functionality
 Ease of Use

 Security

The capstone of Technology Audit is the Audit Findings Report which
   includes gap analysis, recommendations pertaining to technology
   upgrade / downgrade, training requirements and plan of action.
   Technology Audit recommendation sets the direction for
   organizations to optimize Return of Investment on IT.
      Advising the Audit Committee and senior
          management on IT internal control issues
         Performing IT Risk Assessments
         Performing:
                   Institutional Risk Area Audits
                   General Controls Audits
                   Application Controls Audits
                   Technical IT Controls Audits
                   Internal Controls advisors during systems
                    development and analysis activities.


February 14, 2007                                               35
February 14, 2007   36
     IT Audit plays a major role in development of IT
                Governance framework
               Moving away from policing role into a specialist
                role in the areas of risks and control
               Adding value at strategic and operational levels
                through the provision of business risk-focused
                advice and assurance
               Legislation is having a profound impact on IT
                Auditing
                (SOx, GLBA, HIPAA, FERPA, Privacy Notification
                Regulations …)
               The continuously changing technology
                environment brings new risks (i.e. Cyber security,
                wireless …)


February 14, 2007                                                    37
     Inadequate or Lack of Management Oversight
      Poor Segregation of Duties
      Inadequate or Lack of Supporting Documentation
      No Business Continuity/Disaster Recovery Plan
      Change Management
      Data Security
      Data Loss Incidents

 There are also new audits being imposed by various
   standard boards which are required to be performed,
   depending upon the audited organization, which
   will affect IT and ensure that IT departments are
   performing certain functions and controls
   appropriately to be considered compliant. An
   example of such an audit is the newly minted SSAE
   16
February 14, 2007                                       38
Audit presentation

More Related Content

What's hot (20)

Types of auditing
Types of auditingTypes of auditing
Types of auditing
 
Auditing
AuditingAuditing
Auditing
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Auditing and Audit Process in Organization
Auditing and Audit Process in OrganizationAuditing and Audit Process in Organization
Auditing and Audit Process in Organization
 
Internal audit ppt
Internal audit  pptInternal audit  ppt
Internal audit ppt
 
Internal audit
Internal auditInternal audit
Internal audit
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
Audit report
Audit reportAudit report
Audit report
 
Audit PPT.pdf
Audit PPT.pdfAudit PPT.pdf
Audit PPT.pdf
 
Internal audit department
Internal audit departmentInternal audit department
Internal audit department
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Auditing
AuditingAuditing
Auditing
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing function
 
Audit process
Audit processAudit process
Audit process
 
Types of audit
Types of auditTypes of audit
Types of audit
 
Clasification of Audit
Clasification of AuditClasification of Audit
Clasification of Audit
 
planning process in audit ppt
planning process in audit pptplanning process in audit ppt
planning process in audit ppt
 

Viewers also liked (20)

Introduction to auditing
Introduction to auditingIntroduction to auditing
Introduction to auditing
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
Audit report
Audit reportAudit report
Audit report
 
Presentation on New Auditor Report
Presentation on New Auditor ReportPresentation on New Auditor Report
Presentation on New Auditor Report
 
Audit Report
Audit ReportAudit Report
Audit Report
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Quality audit
Quality auditQuality audit
Quality audit
 
Definition of audit programme
Definition of audit programmeDefinition of audit programme
Definition of audit programme
 
Chapter 3 (2)
Chapter 3 (2)Chapter 3 (2)
Chapter 3 (2)
 
Website Audit Presentation
Website Audit PresentationWebsite Audit Presentation
Website Audit Presentation
 
Security supervisor ppt
Security supervisor pptSecurity supervisor ppt
Security supervisor ppt
 
Internal auditors’ roles and responsibilities
Internal auditors’ roles and responsibilitiesInternal auditors’ roles and responsibilities
Internal auditors’ roles and responsibilities
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
 
Chapter 1.
Chapter 1.Chapter 1.
Chapter 1.
 
Working paper problem
Working paper problemWorking paper problem
Working paper problem
 
Audit working papers
Audit working papersAudit working papers
Audit working papers
 
Audit report
Audit reportAudit report
Audit report
 
Types of auditor
Types of auditorTypes of auditor
Types of auditor
 
STANDARDS ON AUDIT
STANDARDS  ON AUDITSTANDARDS  ON AUDIT
STANDARDS ON AUDIT
 
Audit Principles & Concepts
Audit Principles & ConceptsAudit Principles & Concepts
Audit Principles & Concepts
 

Similar to Audit presentation

auditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfauditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfowaissayyed0041
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questionsdouglascarnicelli
 
Tugas mandiri audit novita dewi 11353202277
Tugas mandiri audit  novita dewi 11353202277Tugas mandiri audit  novita dewi 11353202277
Tugas mandiri audit novita dewi 11353202277novita dewi
 
Audits and Regulatory Compliance
Audits and Regulatory ComplianceAudits and Regulatory Compliance
Audits and Regulatory Compliancesomeshwar mankar
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control envPhillys Sebastiane
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls trainingshifataraislam
 
Wahid techniques – the significance and dependability manner for performance ...
Wahid techniques – the significance and dependability manner for performance ...Wahid techniques – the significance and dependability manner for performance ...
Wahid techniques – the significance and dependability manner for performance ...Mohammad Wahid Abdullah Khan
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxJoshJaro
 
AUDIT.pptx
AUDIT.pptxAUDIT.pptx
AUDIT.pptxbeminaja
 
Types of audit
Types of auditTypes of audit
Types of auditVadivelM9
 
7 Steps to Conducting a Financial Audit | The Enterprise World
7 Steps to Conducting a Financial Audit | The Enterprise World7 Steps to Conducting a Financial Audit | The Enterprise World
7 Steps to Conducting a Financial Audit | The Enterprise WorldTEWMAGAZINE
 
Sarbanes oxley internal controls
Sarbanes oxley internal controlsSarbanes oxley internal controls
Sarbanes oxley internal controlsIllumeo
 
Internal Audit Of The California Department Of Public...
Internal Audit Of The California Department Of Public...Internal Audit Of The California Department Of Public...
Internal Audit Of The California Department Of Public...Tina Jordan
 
BCom Auditing and Corporate Governance Notes-1.pdf
BCom Auditing and Corporate Governance Notes-1.pdfBCom Auditing and Corporate Governance Notes-1.pdf
BCom Auditing and Corporate Governance Notes-1.pdfMystatus4
 
UBL AUDITING DUBAI
UBL AUDITING DUBAIUBL AUDITING DUBAI
UBL AUDITING DUBAIVickyRockz1
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007Slava Gorbunov
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8Akash Saxena
 
Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...Patty Buckley
 

Similar to Audit presentation (20)

auditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfauditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdf
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions
 
Tugas mandiri audit novita dewi 11353202277
Tugas mandiri audit  novita dewi 11353202277Tugas mandiri audit  novita dewi 11353202277
Tugas mandiri audit novita dewi 11353202277
 
Audits and Regulatory Compliance
Audits and Regulatory ComplianceAudits and Regulatory Compliance
Audits and Regulatory Compliance
 
Internal control.. control env
Internal control.. control envInternal control.. control env
Internal control.. control env
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls training
 
Wahid techniques – the significance and dependability manner for performance ...
Wahid techniques – the significance and dependability manner for performance ...Wahid techniques – the significance and dependability manner for performance ...
Wahid techniques – the significance and dependability manner for performance ...
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
 
AUDIT.pptx
AUDIT.pptxAUDIT.pptx
AUDIT.pptx
 
Audit
AuditAudit
Audit
 
Internal auditing for “one & all”
Internal auditing for “one & all”Internal auditing for “one & all”
Internal auditing for “one & all”
 
Types of audit
Types of auditTypes of audit
Types of audit
 
7 Steps to Conducting a Financial Audit | The Enterprise World
7 Steps to Conducting a Financial Audit | The Enterprise World7 Steps to Conducting a Financial Audit | The Enterprise World
7 Steps to Conducting a Financial Audit | The Enterprise World
 
Sarbanes oxley internal controls
Sarbanes oxley internal controlsSarbanes oxley internal controls
Sarbanes oxley internal controls
 
Internal Audit Of The California Department Of Public...
Internal Audit Of The California Department Of Public...Internal Audit Of The California Department Of Public...
Internal Audit Of The California Department Of Public...
 
BCom Auditing and Corporate Governance Notes-1.pdf
BCom Auditing and Corporate Governance Notes-1.pdfBCom Auditing and Corporate Governance Notes-1.pdf
BCom Auditing and Corporate Governance Notes-1.pdf
 
UBL AUDITING DUBAI
UBL AUDITING DUBAIUBL AUDITING DUBAI
UBL AUDITING DUBAI
 
SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007SOX ICMS Implmenetation - 2007
SOX ICMS Implmenetation - 2007
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8
 
Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...Role Of Internal Audit On The Organization Outside The...
Role Of Internal Audit On The Organization Outside The...
 

Audit presentation

  • 3. Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal of an audit is to express an opinion of the person / organization / system (etc.) in question, under evaluation based on work done on a test basis.
  • 4. The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, but similar concepts also exist in project management, quality management, water management, and energy conservation.
  • 5. •The role of auditor goes back many hundreds of years. These are records from ancient Egypt and Rome, showing that people were employed to review work done by taxes collector and estate managers. •The emphasis was very much on the detection of fraud and other irregularities. •Emphasis has changed and the role of the auditor becomes much more sophisticated.
  • 6. Audits can be categorized in to two types:  Financial audit  Non financial audit
  • 7. Financial audit: Address questions of accounting, recording, and reporting of financial transactions. Reviewing the adequacy of internal controls also falls within the scope of financial audits.  Non financial audit: It is non statutory one and serves two purposes  It checks company’s compliance to standards  It determines whether a product or service satisfy the customer’s demands in terms of quality and features.
  • 8.  Statutory Audit  Privates Audit  Internal Audit  Management Audit  IT Audit
  • 9. A legally required review of the accuracy of a company's or government's financial records. The purpose of a statutory audit to determine whether an organization is providing a fair and accurate representation of its financial position by examining information such as bank balances, bookkeeping records and financial transactions For Example, a state law may require all municipalities to submit to an annual statutory audit examining all accounts and financial transactions and to make the results of the audit available to the public. The purpose of such an audit is to hold the government accountable for how it is spending taxpayers' money.
  • 10. When the audit is not a statutory requirement , but is conducted at the desire of owners , such an audit is private audit . The audit is conducted primarily for their own interest. At times the private audit may become a requirement under tax laws , if the turnover exceeds a specified limit. Private Audit is following types 1 audit of sole proprietorship 2 audit of partnership firms 3 audit of individuals accounts 4 audit institutions not covered by statutory audit
  • 11. The examination, monitoring and analysis of activities related to a company's operation, including its business structure, employee behavior and information systems. Internal audit found to play the following roles-  Check weather existing controls are effective and adequate.  Weather financial and other reports show the actual results of the company  Weather subunits are following the policies and procedures laid down by the company.
  • 12. Analysis and assessment of competencies and capabilities of a company's management in order to evaluate their effectiveness, especially with regard to the strategic objectives and policies of the business. The objective of a management audit is not to appraise individual executive performance, but to evaluate the management team in relation to their competition.
  • 13. Address the internal control environment of automated information processing systems and how these systems are used. IS audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews. IA’s scope of work is comprehensive and considers all aspects of the organization - both financial and non-financial - with an emphasis on constructive improvement.
  • 14. Staffing the audit team  Creating an audit project plan  Laying the groundwork for audit  Analyzing audit results  Sharing audit results  Writing audit results  Dealing with resistance to audit recommendations  Building an ongoing audit programs.
  • 15.  Companies Directors Assurance that statutory responsibilities concerning accounts have been carried out. Availability of expert advise. The letter of weakness.  To Shareholders Assurance that accounts show a true and fair view and comply with statutory requirements Other Organization with publish accounts Assurance that accounts are reliable  In addition they provide reliable accounts to regulatory bodies such as the companies Registry, the stock exchange etc.
  • 16. Primary Objective: To produce a report by the auditor of his opinion of the truth and fairness of financial statements so that any person reading and using them can belief in them. Secondary Objective: •To detect Error and Fraud • To prevent Errors and fraud by the deterrent and moral effects of Audit
  • 17. Completeness  Ownership  Accuracy  Valuation  Classification  Disclosure
  • 18. An audit can neither help in prioritizing changes nor in allocating resources.  Audit cannot mobilize people to take actions. though audit identifies various problems that exist in the organizational system and processes  Audit can not generate better data than the measures used to gather those.
  • 19. Audit evidence is evidence obtained during a financial audit and recorded in the audit working papers.  In the audit engagement acceptance or reappointment stage, audit evidence is the information that the auditor is to consider for the appointment. For examples, change in the entity control environment, inherent risk and nature of the entity business, and scope of audit work.  In the audit planning stage, audit evidence is the information that the auditor is to consider for the most effective and efficient audit approach. For examples, reliability of internal control procedures, and analytical review systems.
  • 20. In the control testing stage, audit evidence is the information that the auditor is to consider for the mix of audit test of control and audit substantive tests.  In the substantive testing stage, audit evidence is the information that the auditor is to make sure the appropriation of financial statement assertions. For examples, existence,rights and obligations, occurrence, com pleteness, valuation, measurement, presentation and disclosure of a particular transaction or account balance.  In the conclusion and opinion formulation stage, audit evidence is information that the auditor is to consider whether the financial statements as a whole presents with completeness, validity, accuracy and consistency with the auditor's understanding of the entity.
  • 22. An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure.  The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
  • 23. IT audits are also known as "automated data processing (ADP) audits" and "computer audits". They were formerly called "electronic data processing (EDP) audits".
  • 24. The concept of IT auditing was formed in the mid-1960s. Since that time, IT auditing has gone through numerous changes, largely due to advances in technology and the incorporation of technology into business.  Currently, there are many IT dependent companies that rely on the Information Technology in order to operate their business e.g. Telecommunication or Banking company.
  • 25. An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether an organization is adhering to standard accounting practices, the purposes of an IT audit are to evaluate the system's internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight.  . One of the most important role of the IT Audit is to audit over the critical system in order to support the Financial audit or to support the specific regulations announced e.g. SOX
  • 26.  Integrated information technology audit compliance,  Quality assurance,  Business continuity,  Disaster recovery,  IT governance, Fraud, risk, and forensics resources for information technology auditors, internal auditors, application auditors, compliance, information security and forensics professionals.
  • 27. The IT audit aims to evaluate the following:  Will the organization's computer systems be available for the business at all times when required? (known as availability)  Will the information in the systems be disclosed only to authorized users? (known as security and confidentiality)  Will the information provided by the system always be accurate, reliable, and timely? (measures the integrity)  In this way, the audit hopes to assess the risk to the company's valuable asset (its information) and establish methods of minimizing those risks.
  • 28. The audit process is generally a ten-step procedure: 1. Notification & Request for Preliminary Information 2. Planning 3. Opening Meeting 4. Fieldwork 5. Communication 6. Draft Report 7. Management Responses 8. Closing Meeting 9. Report Distribution 10. Follow-up
  • 29. Technological innovation process audit  Innovative comparison audit  Technological position audit five categories of audits: 1. Systems and Applications 2. Systems Development: 3. Management of IT and Enterprise Architecture: 4. Client/Server, Telecommunications, Intranets, and Extranets 5. Information Processing Facilities:
  • 30. This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.
  • 31. This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of company's research and development facilities, as well as its track record in actually producing new products. Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".
  • 32. Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity. Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions. Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development. .
  • 33. Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.  Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers
  • 34. The deep dive audit involves detailed study of the IT infrastructure deployed - hardware, software, connectivity, power, security, MIS, and usability by end users. Other areas of study include identifying process coverage, data integrity, productivity improvements, reporting frequency and adequacy, training adequacy, and system availability. The focal points of the IT audit are:  Business functionality  Ease of Use  Security The capstone of Technology Audit is the Audit Findings Report which includes gap analysis, recommendations pertaining to technology upgrade / downgrade, training requirements and plan of action. Technology Audit recommendation sets the direction for organizations to optimize Return of Investment on IT.
  • 35. Advising the Audit Committee and senior management on IT internal control issues  Performing IT Risk Assessments  Performing:  Institutional Risk Area Audits  General Controls Audits  Application Controls Audits  Technical IT Controls Audits  Internal Controls advisors during systems development and analysis activities. February 14, 2007 35
  • 37. IT Audit plays a major role in development of IT Governance framework  Moving away from policing role into a specialist role in the areas of risks and control  Adding value at strategic and operational levels through the provision of business risk-focused advice and assurance  Legislation is having a profound impact on IT Auditing (SOx, GLBA, HIPAA, FERPA, Privacy Notification Regulations …)  The continuously changing technology environment brings new risks (i.e. Cyber security, wireless …) February 14, 2007 37
  • 38. Inadequate or Lack of Management Oversight  Poor Segregation of Duties  Inadequate or Lack of Supporting Documentation  No Business Continuity/Disaster Recovery Plan  Change Management  Data Security  Data Loss Incidents There are also new audits being imposed by various standard boards which are required to be performed, depending upon the audited organization, which will affect IT and ensure that IT departments are performing certain functions and controls appropriately to be considered compliant. An example of such an audit is the newly minted SSAE 16 February 14, 2007 38