IT Audit and Control Report: Week 1-11 Analysis and Findings

Verified

Added on 2020/06/05

AI Summary

This report provides a comprehensive overview of IT auditing and control, addressing key aspects from Week 1 to Week 11. It begins with an introduction to auditing and its importance, followed by detailed discussions on ethical requirements, auditor independence, and the IT auditing process. The report delves into audit planning, including risk assessment, client engagement, and internal controls. It explores evidence gathering techniques such as audit sampling and analytical procedures, and concludes with a section on audit reporting, subsequent events, and legal liabilities. The report utilizes examples to illustrate concepts, referencing relevant literature to support its analysis, and provides a solid foundation for understanding IT audit practices and principles.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

IT Audit & Control

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Table of Contents
INTRODUCTION...........................................................................................................................1
Week 1-3..........................................................................................................................................1
Ethical requirements and Auditors' Independence......................................................................1
Evaluation and demonstration of the importance of IT auditor independence using examples. 1
Week 3-5..........................................................................................................................................1
IT auditing planning part 1..........................................................................................................1
Week 5-7..........................................................................................................................................3
IT Auditing Planning Part 2........................................................................................................3
IT Auditing Planning Part 3........................................................................................................3
Week 7-9..........................................................................................................................................3
Evidence Gathering.....................................................................................................................3
Week 9-11........................................................................................................................................4
Audit reporting............................................................................................................................4
Conclusion.......................................................................................................................................4
REFERENCES................................................................................................................................5

INTRODUCTION
Audit is the process of investigating and examining the organisational accounts in
systematic and precise way. This will help the management to acquire information about the
financial position of the company. In accordance with this context, this report will cover the
answers of all the questions from Week 1 to Week 12.
Week 1-3
Ethical requirements and Auditors' Independence
Demonstrating an understanding of IT auditing ethical requirements using examples
 Support the implementation and encourage compliance with appropriate legislations and
ethical standards. For Example, IT auditor must have appropriate knowledge about the
ethical code of conduct of the organisation and must not deliberately damages the
reputation of the organisation (Tsai and et.al., 2013).
 Whilst, conducting IT auditing, auditors must perform their roles and responsibility in
appropriate manner.
 Serve in the interest of stakeholders in lawful manner.
 Privacy and confidentiality of the organisation must be maintained effectively by the
auditors while conducting IT auditing.
 Auditors must have knowledge about application of standards such as ISO 9000/3 and
ISO 17799 to increase the efficiency in IT auditing.
Evaluation and demonstration of the importance of IT auditor independence using examples
 Independent IT auditor provides critical and vital information without involving in any
kind of client and company relationship.
 Independent IT auditor promotes unbiased auditing in the organisation and also set a
benchmark on conducting process of auditing in ethical ways (Simunic, 2014).
 Reports generated by the Information and Technology auditors shows the exact and true
financial position of the organisation, which helps the management to acquired
information of the pros and cons of the company.
Week 3-5
IT auditing planning part 1
Analysing and demonstrating an understanding of:
Process of IT auditing using examples:
1

The process of IT auditing is divided into 3 steps which are
1. Audit Preparation: In this step the independent auditors prepares to conduct the process
of auditing in Information and technology organisation.
2. Conducting audit and analyse results: In this phase, auditors conduct internal auditing of
the organisation by applying all the methods and following all ethical standards
(Ferguson and et.al., 2013). For example, independent auditor examines the financial
statements of the company is the part of this phase.
3. Findings and recommendations: In the end of audit process, auditors provide findings and
recommendations to the management of organisation.
Client engagement using examples:
Independent IT auditors does not form any kind of relationship with clients or customer
organisations while conducting auditing (Prakash and Sivakumar, 2014). For example, An
independent auditor as per his ethical standards, will not be biased or produce favourable report,
just to increase reputation of the organisation.
Business and audit risk
Business risks are the factors that could prevent or hinder the achievement of organizational
goals and objectives. Control Risk: Control risk occurred due to misstatement of error or from fraud. For
example, Auditor makes report on the false statements provided by the management of
the organisation. Detection risk: Detection risk found when the transaction of particular material is not
provided by the management of organisation. Inherent Risk: Risk of omission in process of auditing. For example, financial
transactions that require complex calculations are inherently more likely to be misstated
than simple calculations
Risk of fraud using examples
Risk of fraud occurred in the auditing process when the management provides false
financial statements to the independent auditor, while conducting auditing process. For example,
An auditor provided with fake inventory report of and IT organisation, leads to evolution of fake
audit report.
2

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Week 5-7
IT Auditing Planning Part 2
Analytical review/procedures and materiality using examples
Analytical procedure consists of evaluation of financial information through analysis of
financial and non financial data. The motive of IT auditing analytical review or procedure is to
preliminary review of analytical data and substantive analytical procedures (Rousseau, 2017).
For example, Independent IT auditors performing process of auditing in systematic way by
comparing all the financial and non financial data of organisation.
IT Auditing Planning Part 3
Application of internal controls and IT audit controls using examples
Internal control is the process of assuring achievement of IT organisation objectives in
operational effectiveness and efficiency, reliable financial reporting and compliance with laws.
For example, An independent auditor conducting auditing process in effective and efficient
manner utilising all the application of internal and audit controls.
Week 7-9
Evidence Gathering Audit Sampling: Under audit sampling, auditors collects a certain range of data in order
to estimate the current and future financial position of the organisation. Test of control: A test of controls is an audit procedure to test the effectiveness of a
control used by a client entity to prevent or detect material misstatements. Substantive test of detail: These are certain type of test which are conduct by the IT
auditor in order to identify material misstatement or fraud. Substantive Analytical procedure: The primary purpose of substantive analytical
procedure is to gather evidence by using various audit test such as control test or
substantive test with respect to financial statement or assertion for one or more audit
areas of IT organisation (Mazza, Azzali and Fornaciari., 2014). Audit Strategy: Audit strategy sets the direction, timing and scope of audit. For example,
while conducting audit in IT organisation, an auditor must formulate specific strategy in
order to gather the evidence effectively and efficiently.
3

 Use of other auditors/experts and internal audit report: Evidence are gathered through
internal audit reports. Other professionals who are directly or indirectly related to the
organisations also assist in providing evidence.
Week 9-11
Audit reporting Subsequent events: These events occurred after auditing reporting period but before the
financial statement for that period have been issued or are available to issue. Going concern: In this auditor draw uncertainty regarding the organisation ability to
continue in making profits for long run in the future (Tsai and et.al., 2013). Audit Reports: Audit reports are made by the independent auditor which provides the
information regarding financial position of the organisation. Expectation Gaps: The difference between actual and desired performance, which are
identified by the auditors and articulated to the managers of IT organisation. Legal Liability: The legal liability of the organisation is to follow all the laws and
legislation effectively and efficiently.
 Corporate Dilemmas: Corporate dilemma occurred in IT organisation, where auditors
and managers needs to make correct and ethical decision for various alternatives choices.
Conclusion
The above reports, provides answers of all the questions from Week 1 to Week 11
effectively and efficiently. Further, all the aspects of IT audit was covered in the report and brief
knowledge can be gained from this assignment.
4

REFERENCES
Books and Journals
Ferguson, C. and et.al., 2013. Determinants of effective information technology
governance. International Journal of Auditing, 17(1), pp.75-99.
Mazza, T., Azzali, S. and Fornaciari, L., 2014. Audit quality of outsourced information
technology controls. Managerial Auditing Journal, 29(9), pp.837-862.
Prakash, M. and Sivakumar, D., 2014. Information systems auditing and electronic
commerce. International Journal of Advanced Research in Management and Social
Sciences, 3(2), pp.106-119.
Rousseau, R., 2017. Scholarly metrics under the microscope: From citation analysis to academic
auditing. Edited by Blaise Cronin and Cassidy R. Sugimoto. Medford, NJ: Information
Today, Inc., 2015. 976 pp. $149.50 (hardcover).(ISBN 9781573874991).
Simunic, D. A., 2014. The information… clearly shows an excessively high concentration of
auditing influence among the Big Eight firms. The degree of concentration in providing
independent auditing services to major corporations is so great that it constitutes evidence
of a serious lack of competition. In making this allegation, the Senate staff embraced the
structure-conduct-performance paradigm. The Routledge Companion to Auditing, p.33.
Tsai, W. H. and et.al., 2013. Combining decision making trial and evaluation laboratory with
analytic network process to perform an investigation of information technology auditing
and risk control in an enterprise resource planning environment. Systems Research and
Behavioral Science, 30(2), pp.176-193.
5