Beruflich Dokumente
Kultur Dokumente
the Audit
It includes
Information gathering
Knowledge of the business itself
Strategic objectives
Financial Objectives
Operational objectives for internal control
Identifying restrictions on scope
Understanding the variety of audits
Systematic approach to planning
5
3- Performing a Risk Assessment
6
4- Determining whether an audit is Possible
7
5- Perform the actual Audit
Allocating staffing
Audits Org structure
Skills matrix
Using the work of other people
Ensure audit quality control
Audit standards, guidelines, and procedures were developed to promote quality and consistency in a
typical audit by ISACA and other organizations
Define auditee communications
Perform proper data collection
Auditor needs to determine how data will be gathered for evidence to support the audit report
Data collection techniques
Staff observation
Document review
Interviews
Workshops
Computer assisted audit tools (CAAT)
Surveys
Review existing controls (review the existing internal controls that are intended to prevent,
detect, or correct problems)
8
6- Gathering Audit Evidence
9
7- Performing Audit Tests
Two basic methods have been used for audit testing
Compliance testing
Substantive testing
Compliance testing tests for the presence or absence of
something
Information security policy present or not
System audit Logs activated or not
Backup copies present or not etc.
Substantive testing seeks to verify the content and integrity
of evidence, it may include
Complex calculations to verify account balances
Perform physical inventory counts
Execute sample transactions to verify the accuracy , etc.
10
8- Analyzing the Results
11
9- Report Audit Findings