If a company uses information technology infrastructure for doing business instead of manual system, at that time, there is the big need of auditing this information system or information technology for deducting and preventing the fraud and errors.
For auditing information technology, auditor has to become tech-sevy. Otherwise, auditor can not get the project of IT audit from big corporates. Before knowing the steps to audit the information technology, he should know that there are also different name of IT Audit. Synonyms of IT audit are
(a) EDP Audits ( Electronic data processing audits)
(b) Computer Audits
(c) ADP Audits ( Automated data processing audits)
(d) Information System Audits
Following are the Steps of Audit of Information Technology
1. Scoping and Pre-Audit Survey
First step of IT audit is to determine the scope of information systems. He has to become well-known about the area of his audit. He should have the knowledge about the employees who are responsible their respective work in information system. He should take the interviews of all these IT personnel. He should record it in his notepaper. In his scope audit, he should fix his objective of audit. It should be the evaluation of security system, accuracy and IT governance.
2.Planning
Auditor should make written planning of audit of information system. He should fix the team members who will review the system. He has to fix whether all data and information system infrastructure will be reviewed or sample basis. Measure the risk level of information system audit. Plan to control it. Fix the time limit of audit.
3. Fieldwork and Studying
Now, auditor and his team will visit where is the information system has installed. He and his expert team will check it practically. Collect the evidence of system's work. Write what they observed. Remember, if there is small mistake in information system, it will affect the recording of millions of transactions. For example, there is system of automatic recording of depreciation. If rates are entered wrongly in it whole assets depreciation will be wrong and financial statements will automatically be affected from this. So, there is a deep study every system in it.
4. Analysis and Tests
Analysis and tests of system is also important part of IT audit. Audit trail can help in this. Auditor and his team should analysis each given report by system. Through logical skill, check whether it is correct or not.
5. Reporting
This is the 5th step in which auditor will make the report for writing his opinion on the information system's accuracy and strength to control access outsiders. He can also write other recommendation as per auditing standards.
6. Follow Up
In the end process, auditor checks past audit reports and recommendations and see whether management has follow up or not. If not, auditor should give the report with some warning and consequences as per law if not follow in his given time limit.
For auditing information technology, auditor has to become tech-sevy. Otherwise, auditor can not get the project of IT audit from big corporates. Before knowing the steps to audit the information technology, he should know that there are also different name of IT Audit. Synonyms of IT audit are
(a) EDP Audits ( Electronic data processing audits)
(b) Computer Audits
(c) ADP Audits ( Automated data processing audits)
(d) Information System Audits
Following are the Steps of Audit of Information Technology
1. Scoping and Pre-Audit Survey
First step of IT audit is to determine the scope of information systems. He has to become well-known about the area of his audit. He should have the knowledge about the employees who are responsible their respective work in information system. He should take the interviews of all these IT personnel. He should record it in his notepaper. In his scope audit, he should fix his objective of audit. It should be the evaluation of security system, accuracy and IT governance.
2.Planning
Auditor should make written planning of audit of information system. He should fix the team members who will review the system. He has to fix whether all data and information system infrastructure will be reviewed or sample basis. Measure the risk level of information system audit. Plan to control it. Fix the time limit of audit.
3. Fieldwork and Studying
Now, auditor and his team will visit where is the information system has installed. He and his expert team will check it practically. Collect the evidence of system's work. Write what they observed. Remember, if there is small mistake in information system, it will affect the recording of millions of transactions. For example, there is system of automatic recording of depreciation. If rates are entered wrongly in it whole assets depreciation will be wrong and financial statements will automatically be affected from this. So, there is a deep study every system in it.
4. Analysis and Tests
Analysis and tests of system is also important part of IT audit. Audit trail can help in this. Auditor and his team should analysis each given report by system. Through logical skill, check whether it is correct or not.
5. Reporting
This is the 5th step in which auditor will make the report for writing his opinion on the information system's accuracy and strength to control access outsiders. He can also write other recommendation as per auditing standards.
6. Follow Up
In the end process, auditor checks past audit reports and recommendations and see whether management has follow up or not. If not, auditor should give the report with some warning and consequences as per law if not follow in his given time limit.
No comments:
Post a Comment