The document outlines the process of auditing an organization's information technology infrastructure, emphasizing the steps of audit planning, evidence collection, evaluation, and communication of results. It highlights the importance of identifying threats, implementing control procedures, and evaluating their effectiveness to protect system security. Additionally, it discusses various methods and tools used in audits, including automated software for operational audits that assess effectiveness and efficiency.

3. The examination and
evaluation of an
organization's
information
technology infrastructur

4. The process of obtaining and
evaluating evidence regarding
assertions about economic
actions and events in order to
determine how well they
correspond with established

5. 1. Audit planning
 Why, how, when, and who
 Establish scope and objectives of the
audit; identify risk
2. Collection of audit evidence
3. Evaluation of evidence
4. Communication of results

6. 1. Identify fraud and errors (threats) that can occur
that threaten each objective
2. Identify control procedures (prevent, detect, correct
the threats)
3. Evaluate control procedures
Review to see if control exists and is in place
Test controls to see if they work as intended
4. Determine effect of control weaknesses
Compensating controls

7. ZProtect overall system security (includes
computer equipment, programs, and data)
ZProgram development and acquisition occur
under management authorization
ZProgram modifications occur under
management authorization

8. ZAccurate and complete processing of
transactions, records,files and reports
ZPrevent,detect, or correct inaccurate or
unauthorized
source data
ZAccurate, complete, and confidential
data files

9. •Integrated Test Facility
•Snapshot Technique
•System Control Audit Review File (SCARF)
•Audit Hooks
•Continuous and Intermittent Simulation

10. •Integrated Test Facility
▫Uses fictitious inputs
•Snapshot Technique
▫Master files before and after update are stored for
specially marked transactions
•System Control Audit Review File (SCARF)
▫Continuous monitoring and storing of
transactions that meet pre-specifications

11. •Audit Hooks
▫Notify auditors of questionable
transactions
•Continuous and Intermittent
Simulation
▫Similar to SCARF for DBMS

12. Automated Audit
Workpapers
Data Analysis
Risk Assessment
Scheduling
Timekeeping
Flowcharting
Report
Generation

13. Computer Audit Software
can perform audit tasks on a
copy of a company’s data.

14. Operational Audits
To evaluate effectiveness, efficiency, and
goal achievement. Although the basic
audit steps are the same, the specific
activities of evidence collection are
focused toward operations.