Policy
Guidelines
Procedures
Auditing standards
There are two basic categories of audit testing: audits either verify that an item
necessary for compliance exists (compliance test) or check the substance and
integrity of a claim (substantive test).
Audit standards:
Audit charter
Independence
Professional Ethics and Standards of Conduct
Professional competence
Planning
Performance of Audit Work
Audit Reporting
Follow-up Activities
Irregularities and illegal acts
IT Governance
Use of Risk Analysis in Audit planning
Audit Materiality
Using the work of other people
Proper Audit Evidence
Effective IT controls
Electronic Commerce Controls
Marketing
Manufacturing / Software development
Sales
Finance
legal
quality control
research and development
program and project management office
business continuity
Information technology
Human resources
Labor management
Administration
The following audit planning issues should be considered regardless of the size of
the organization:
Audit Scope
Audit criteria
Audit team
The audit charter outlines the responsibility, authority and accountability of the
auditor.
Risk Assessment:
Inherent risk: These are natural or built-in risks that always exist.
Detection risks: These are the risks that an auditor will not be able to
detect what is being sought. It would be terrible to report no negative
results when material conditions (faults) actually exist. Detection risks
include sampling and nonsampling risks.
o Sampling risks: these are the risks that an auditor will falsely accept
or erroneously reject an audit sample (evidence).
o Nonsampling risks: these are the risks that an auditor will fail to
detect a condition because of not applying the appropriate
procedure or using procedures inconsistent with the audit objective
(detection fault)
Control risks: These are the risks that an auditor loses control, errors could
be introduced, or errors may not be corrected in a timely manner.
Business risks: these are risks that are inherent in the business or
industry itself (regulatory, contractual, financial)
Technological risks: these are inherent risks of using automated
technology
Operational risks: these are the risks that a process or procedure will not
perform correctly
Residual risks: these are the risks that remain after all mitigation efforts
are performed
Audit risks: The combination of inherent, detection, control, and residual
risks. These are the same risks facing normal business operations.
Staff observation
Document review
Interviews
Workshop
Computer assisted audit tools (CAAT)
Surveys
General controls
Pervasive IS controls
Detailed IS controls
Types of evidence:
Grading of evidence
Four criteria:
Material relevance;
Evidence objectivity;
Competency of evidence provider;
Evidence independence
Stop-and-Go Sampling
Discovery sampling
Precision, or Expected Error Rate
Substantive testing
Substantive testing seeks to verify the content and integrity of evidence.
Substantive tests may include complex calculations to verify account balances,
perform physical inventory counts, or execute sample transactions to verify the
accuracy of supporting documentation.
This test is based on one of the following types of audit samples:
Variable sampling
Unstratified mean estimation
Stratified mean estimation
Difference estimation
Each finding of evidence can be classified into one of these common reporting
statements, presented in order of most desirable to least desirable:
Noteworthy achievement:
Conformity
Opportunity for Improvement
Concern
Nonconformity
Fraud
Theft
Suppression
Racketeering
Regulatory violations
IS Network infrastructure
Efficiency of resources
Portability between environments
Maintainability with regard to making modifications