Information System Audit
An information system (IS) audit or information technology(IT) audit is an examination of the controls within an entity’s Information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. It is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. Obtained evidence evaluation can ensure whether the organization’s information systems safeguard assets, maintains data integrity, and are operating effectively and efficiently to achieve the organization’s goals or objectives.
Information Systems Audit Methodology
- PHASE 1: Audit Planning
- PHASE 2 โ Risk Assessment and Business Process Analysis
Our Risk Based Information Systems Audit Approach
- Identify areas where the risk is unacceptably high
- Identify critical control systems that address high inherent risks
- Assess the uncertainty that exists in relation to the critical control systems
In carrying out the Business Process Analysis we:
- Obtain an understanding of the Client Business Processes
- Map the Internal Control Environment
- Identify areas of Control Weaknesses
- PHASE 3 โ Performance of Audit Work
- Establishing an Internal Review Process where the work of one person is reviewed by another, preferably a more senior person.
- We obtain sufficient, reliable and relevant evidence to be obtained through Inspection, Observation, Inquiry, Confirmation and recomputation of calculations
- We document our work by describing audit work done and audit evidence gathered to support the auditorsโ findings.
- PHASE 4: Reporting