Internal auditing and controls

Topics: Internal control, Auditing, Financial audit Pages: 5 (1357 words) Published: January 23, 2014
Module 7 summary
Information technology auditing
Module 7 looks at the impact of IT on internal auditing and the changing field of IT auditing. You are introduced to two frameworks that assist auditors with the evaluation of IT controls. The use of such controls is outlined, especially as they apply to computer communications, networking, and end-user environments. The module concludes with a look at the challenges of auditing in this environment where emerging technology is a constant. Explain the concerns for internal auditors around IT auditing. IT auditing began to develop when it was clear that internal auditors did not have the technical skills to analyze information stored in computer systems. It was recognized that it was no longer enough to simply analyze data in and data out, ignoring what happened to information as it was processed and stored. The impacts of auditing in an IT environment are two-fold:

The concerns for internal auditors: the high degree of reliance organizations place on the use of IT has raised some specific concerns for auditors. The effect of IT on internal auditing: in spite of these concerns, IT also provides an opportunity to improve controls. Specifically, an IT environment affects the following areas as they relate to internal audit: skills and competence required of the auditor

work performed by others for which the auditor is responsible planning
accounting system and internal control
audit evidence
An IT environment also has an impact on the following aspects of internal control: organizational structure
nature of processing
design and procedural aspects
Discuss how IT auditing has developed in response to the specialized skills required to audit IT systems. Computer programs (such as ACL) have been developed specifically to assist auditors to extract information to be used in the audit and to perform data analysis auditing activities. Other computer programs such as application programs, system software, and other utility programs can also be used by internal auditors to audit IT systems. Auditors realized that auditing IT systems required more technical knowledge, which in turn led to the development of IT auditing. As newer, emerging technologies are implemented, it is imperative that IT auditors remain current. However, as IT systems become an integral component of any enterprise, all internal auditors must also be computer literate. Identify the various IT risks and explain how they affect an organization. IT control frameworks support a risk management-based approach to control. The following are the risk categories identified in the CICA IT Control Guidelines: Inherent risk: the risk that naturally exists in a particular business or situation Specific risk: the risk resulting from a location or method of operation of a particular function Technological risk: the risk of using technology to meet enterprise objectives The fact that IT control frameworks support a risk management-based approach to control means that where such control frameworks are used, controls are identified and implemented in proportion to the risk that must be managed. To manage risk effectively in an IT environment, both risk analysis and risk assessment must be performed. Auditors must be able to explain the impact of IT risk to managers who are unaware of such risks. Discuss the prevalent IT control frameworks governing technology audits: the IIA’s Global Technology Audit Guide (GTAG) 1, Information Technology Controls, and ISACA’s Control Objectives for Information and Related Technology (COBIT). Control frameworks have been developed to assist with the comprehensive evaluation of controls in an IT environment, providing guidelines for both general and applications controls: GTAG: Global technology audit guides have been developed by the IIA as a framework for technology audits. COBIT: This framework is becoming increasingly recognized as an authoritative IT governance model designed to help...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • internal control Essay
  • internal auditing Essay
  • Auditing: Effective Internal Control Essay
  • Evaluating Internal Controls Essay
  • Essay on Auditing and Internal Controls
  • Auditing and Internal Control Essay
  • Auditing: Internal Control and Audit Essay
  • Internal Control System Questionnaire Essay

Become a StudyMode Member

Sign Up - It's Free