Scribd
Upload
160 views

Chapter 1 Introduction On Is Audit

The document discusses auditing in a computerized information system (CIS) environment. It defines an IS audit as an examination of controls within an IT infrastructure to ensure assets are protected, data integrity is maintained, and systems are operating effectively. The objectives of an IS audit are to identify risks in the CIS environment and evaluate security controls. As business operations increasingly rely on computerized systems, a well-planned IS audit is essential for risk management, monitoring, and controlling information systems. Auditors must understand computer concepts, system design, and how controls are implemented in a CIS to effectively evaluate risks and controls.

Uploaded by

Steffany Roque
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
160 views

Chapter 1 Introduction On Is Audit

The document discusses auditing in a computerized information system (CIS) environment. It defines an IS audit as an examination of controls within an IT infrastructure to ensure assets are protected, data integrity is maintained, and systems are operating effectively. The objectives of an IS audit are to identify risks in the CIS environment and evaluate security controls. As business operations increasingly rely on computerized systems, a well-planned IS audit is essential for risk management, monitoring, and controlling information systems. Auditors must understand computer concepts, system design, and how controls are implemented in a CIS to effectively evaluate risks and controls.

Uploaded by

Steffany Roque
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

AUDITING IN CIS ENVIRONMENT

CHAPTER 1
INTRODUCTION ON IS AUDIT

Objective
1. 1. 1. Explain the definition of IS Audit.
2. 2. Explain the objective of IS Audit
3. 3.Discuss about understanding computerized environment

Introduction

The Working Group on Information Systems Security for the Banking and
Financial Sector’ constituted by Reserve Bank of India enumerated that each
Bank in the country should conduct ‘Information Systems Audit Policy’ of
the Bank. Accordingly Information Systems Audit and Security cell prepare
Information Systems Audit Policy. The fundamental principle is that risk and
controls are continuously evaluated by the owners, where necessary, with the
assistant of IS Audit function.
The business operations in the Banking and Financial sector have been
increasingly dependent on the computerized information systems over the
years. It has now become impossible to separate information Technology
from the business of the banks. There is a need for focused attention of the
issues of the corporate governance of the information systems in
computerized environment and the security controls to safeguard information
and information systems. The developments in Information Technology have
AUDITING IN CIS ENVIRONMENT

a tremendous impact on auditing. Well-planned and structured audit is


essential for risk management and monitoring
and control Information systems in any organization.

Definition of IS Audit
An information system (IS) audit or information technology(IT) audit is an
examination of the controls within an entity's Information technology
infrastructure. These reviews may be performed in conjunction with a financial
statement audit, internal audit, or other form of attestation engagement. It is
the process of collecting and evaluating evidence of an organization's
information systems, practices, and operations. Obtained evidence evaluation
can ensure whether the organization's information systems safeguard assets,
maintains data integrity, and are operating effectively and efficiently to achieve
the organization's goals or objectives.

Audit Objectives

Auditing is a systematic and independent examination of


information systems environment to ascertain whether the
objectives, set out to be achieved, have been met or not.
Auditing is also described as a continuous search for
compliance. The objective of the IS audit are to identify risks
that an organization is exposed to in the computerized
environment. IS audit evaluates the adequacy of the security
controls and informs the management with suitable
conclusions and recommendations. IS audit is an independent
subset of the normal audit exercise. Information systems audit
is an ongoing process of evaluating controls; suggest security
measures for the purpose of safeguarding assets/resources,
maintaining data integrity, improve system effectiveness and
system efficiency for the purpose of attaining organization
goals. Well-planned and structured audit is essential for risk
management and monitoring and control of information
systems in any organization.

Safeguarding IS assets
The Information systems assets of the organization must be protected by a
system of internal controls. It includes protection of hardware, software,
AUDITING IN CIS ENVIRONMENT

facilities, people, data, technology, system documentation and supplies. This


is because hardware can be damaged maliciously, software and data files
may be stolen, deleted or altered and supplies of negotiable forms can be
used for unauthorized purposes.

The IS auditor will be require to review the physical security over the facilities,
the security over the systems software and the adequacy of the internal
controls. The IT facilities must be protected against all hazards. The hazards
can be accidental hazards or intentional hazards.

Maintenance of Data Integrity


Data integrity includes the safeguarding of the information against
unauthorized addition, deletion, modification or alteration. The desired
features of the data are described here under:
a. Accuracy: Data should be accurate. Inaccurate data may lead to
wrong decisions and thereby hindering the business development
process.
b. Confidentiality: Information should not lose its confidentiality. It
should be protected from being read or copied by anyone who is not
authorized to do so.
c. Completeness: Data should be complete
d. Reliability: Data should be reliable because all business decision are
taken on the basis of the current database.
e. Efficiency: The ratio of the output to the input is known as efficiency.
If output is more with the same or less actual input, system efficiency
is achieved, or else system is inefficient. If computerization results in
the degradation of efficiency, the effort for making the process
automated stands defeated. IS auditors are responsible to examine
how efficient the application in relation to the users and workload.
AUDITING IN CIS ENVIRONMENT

Understanding Computerized Environment


In this section we explain how a computerized environment changes the way
business is initiated, managed and controlled.
Information technology helps in the mitigation and better control of business
risks, and at the same time brings along technology risks. Computerized
information systems have special characteristics, which require different
types of controls. Technology risks are controlled by General IS controls and
business risks are controlled using Application controls. Even though the
controls are different, the objectives of the audit function do not change
whether information is maintained in the computerized environment or a
manual environment; the tools and techniques are
different.
The changes in control and audit tools as well as
techniques have resulted in new methods of audit. The
internal controls are mapped onto the technology. These
controls and their mapping need to be understood as also
methods to evaluate and test these controls. The auditor
must learn new skills to work effectively in a computerized
environment
.
These new skills are categorized in three broad areas:
First, understanding of computer concepts and system design;
Second, understanding the functioning of Accounting Information System
(AIS), an ability to identify new risks and understand how the internal controls
are mapped on to the computers to manage technology and business risks.
Third, knowledge of use of computers in audit.

Acquisition of these skills has also opened up new areas of practice for
auditors like Information System Audit, Security Consultancy, Web
Assurance, etc.
AUDITING IN CIS ENVIRONMENT

To know more information about this subject


Auditing in CIS Environment kindly watch this video
https://youtu.be/fPdpV2gcOQw
For you to have an idea about IS AUDIT kindly watch
this video
https://youtu.be/7TFK-VRt6l0
Additional Information why is auditing information is
important
https://youtu.be/78wOWJ36T7w

Reference:
Compilation of lecture
notes by Dean Bacay

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy