IT Audit & Control: Comprehensive Analysis of Key Audit Areas

Verified

Added on 2020/07/23

AI Summary

This report provides a comprehensive overview of IT Audit and Control, encompassing various critical aspects of the field. It begins by outlining the ethical requirements for IT auditing, emphasizing the importance of auditor independence. The report then delves into the IT auditing process, detailing the stages of planning, assessment, reporting, and follow-up. Key concepts such as client engagement, business and audit risks (including fraud), analytical review, and materiality are thoroughly explained. The report also explores internal controls, IT audit controls, audit sampling, tests of controls, and substantive tests. Furthermore, it addresses audit strategy, the use of other auditors' reports, subsequent events, and going concern principles. The report also covers audit reports, the expectations gap, legal liability, and corporate dilemmas. The report references several sources to support its findings. The document is a valuable resource for understanding and applying IT audit and control principles.

IT Audit & Control

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

TABLE OF CONTENTS
IT auditing ethical requirements.................................................................................................3
Importance of IT auditor independence......................................................................................3
IT auditing process......................................................................................................................3
Client engagement.......................................................................................................................3
Business and Audit risk...............................................................................................................3
Risk of fraud................................................................................................................................4
Analytical review and materiality...............................................................................................4
Understanding and application of internal controls and IT audit controls..................................4
Audit sampling............................................................................................................................5
Tests of controls-IT.....................................................................................................................5
Substantive tests of details-IT.....................................................................................................5
Audit strategy..............................................................................................................................5
Use of other auditors and internal audit reports..........................................................................5
Subsequent events.......................................................................................................................5
Going concern.............................................................................................................................6
Audit reports...............................................................................................................................6
Expectations gap.........................................................................................................................6
Legal liability..............................................................................................................................6
Corporate dilemmas....................................................................................................................6
REFERENCES................................................................................................................................7

IT auditing ethical requirements.
The list of auditing ethical requirements is as follows:
 Inclusion of user manuals and documentation.
 Identify references to innovation.
 Literature - inclusion.
 Timeliness
 Source Openness
 Elaborateness
 Scientific referencing of learning perspectives (Kieseberg, and et. al., 2016).
Importance of IT auditor independence.
If the auditor will be independent from the client company then he/she will be able to
take the opinions without any influence of the personal relationships.
IT auditing process.
IT auditing process is different from financial statement audit. The process in this audit
involves the following:
 Planning: In this step, the internal control questionnaires, audit scope and objectives are
identified and analysed.
 Assessment: On the basis of the feedback, the data are evaluated and tested in this phase
of IT auditing (Graham and et. al., 2016).
 Reporting: In this phase, the communication takes place of the findings of the audit. The
results are also analysed in this step.
 Follow-up: In this step, the confirmation of
 the planned action is done. Also, audit responses are verified.
Client engagement
It is the tactic that is used to determine the performance of a business in terms of
engagement of the client.
Business and Audit risk
Business Risk Audit Risk
Some common business risks involves the
financial, cash flow, risk of theft and fraud, etc.
It includes the inherent, control and detection
issues. This tool is used to attempt to the

These risks are diverse. These challenges can
lead to business failure.
reduce the audit risk. They includes the factors
that can cause misstatements.
Risk of fraud.
This is a business risk that can impact upon a business to lose a significant amount of
assets. Further, it can shut out a company. There are two common risk of frauds which are as
follows:
 Misstatements arising from fraudulent financial reporting.
 Misstatements arising from misappropriation of assets.
Analytical review and materiality.
Analytical review can be a useful source of audit evidence by including a preliminary,
extensive and final review tools (Zhao, and et. al., 2016). These tools are part of a continuous
process. Whereas, Materiality is an assessment made by an auditor. It is on the misstatements of
the client's financial statements.
Understanding and application of internal controls and IT audit controls.
Internal control system:
The elements of an internal control system includes:
 Information and communication.
 Risk assessment.
 Control environment.
 Monitoring.
 Control activities.
The internal control audits are used to protect the assets own by the entity (Gaudard, and
et. al., 2017). They are used in directing, monitoring and measuring the resources of an
organisation.
IT audit controls:
The steps of this auditing includes the following steps:
 Procedures.
 Gaining understanding of selected entity's IT system.
 IT infrastructure, Personnel computing, outsources IT and IT governance.
 Identification of IOT application.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

 Assessment of risk of IT application.
 Control activities.
 Assessment matrices models.
The application of the IT control audits involves the assurance of completeness and
accuracy of the records (Chen and Su, 2016). Also, the validity of entries in the report.
Audit sampling.
It is the application of the audit procedures to less than 100% of the items. It is done in a
manner that all the items gets equal probability to be selected.
Tests of controls-IT.
It is an audit procedure to evaluate the effectiveness of a control which is used by a client
to detect material misstatements.
Substantive tests of details-IT.
These are the tests that are performed by an auditor to evaluate the frauds associated with
the transactions or balance of account. There are two types of Substantive tests namely analytical
procedures and tests of details.
Audit strategy.
The IT audit strategy assists in setting an appropriate direction, timing and scope for
conducting an audit. This is the plan which in actual acts as a guideline while carrying out the
operations. It mainly includes a statements of the major decisions for effective planning (Denton,
Topping, and Humphreys, 2016).
Use of other auditors and internal audit reports.
Use of other auditors helps in getting report in a form of formal document. The observed
details are written in it. It is detailed work. In contrary to this, an internal audit report contains
disclose finding and their descriptions. In addition to this, suggestions, recommendations and
auditor's comments are also there. It is a summarize form of work.
Subsequent events.
After the completion of the reporting period, the event occurred is known as subsequent.
It may however be recognised that it takes place before the starting of the issuing of the financial
report. They may or may not be disclosed depending upon the situation (Zhao, and et. al., 2016).

Going concern.
According to the principle of the Going concern, it should be assumed that an entity will
continue doing business in the foreseeable future.
Audit reports.
Audit reports are the written perspectives of an auditor on the financial statements of an
organisations. The report follows GAAS auditing standards and thus, present in a standard
format.
Expectations gap.
Expectation gap is the variance between the actual performance to the expected on efrom
an auditor. It should be remain minimum to get the desired objectives.
Legal liability.
Complainant Elements that must be prove.
Client Loss, Negligence, proximate cause
Third Party Loss, Negligence, proximate cause
In case, if these elements are proved that under the common law, Auditors are liable to
their clients for failure to exercise (Graham and et. al., 2016). Thus, auditors are liable for the
damages caused to the clients. There are two types of liability, namely Criminal and Civil.
Corporate dilemmas.
The ethical dilemmas for auditors are higher in the corporate operations. There are eight
major dilemmas which are as follows:
 Non-audit services.
 Fee levels.
 Ethics Partners.
 Long association with the audit client.
 Commencement in practice.
 Financial interest in a client (Gaudard and et. al., 2017).
 Business relations with the audit clients.
 Policies and procedures.

REFERENCES
Books and Journals
Chen, B. and Su, X., 2016. Audit Quality and Information Transparency of Audit Firms in
China: A Constructive Framework. DEStech Transactions on Social Science, Education
and Human Science, (eeres).
Denton, A., Topping, A. and Humphreys, P., 2016. Evolution of an audit and monitoring tool
into an infection prevention and control process. Journal of Hospital Infection. 94(1).
pp.32-40.
Gaudard, P. and et. al., 2017. Control of nosocomial outbreak due to multiresistant bacteria
based on audit and education in a cardiothoracic intensive care unit. Journal of
Cardiothoracic and Vascular Anesthesia. 31. pp.S34.
Graham, I., and et. al., 2016. 36 Simplifying the audit of risk factor recording and control: a
report from an international study in 11 Countries.
Kieseberg, P., and et. al., 2016. A tamper-proof audit and control system for the doctor in the
loop. Brain informatics. 3(4). pp.269-279.
Zhao, M., and et. al., 2016. Simplifying the audit of risk factor recording and control: A report
from an international study in 11 countries. European journal of preventive cardiology.
23(11). pp.1202-1210.