
IS Audit and Internal Controls
BHARATH RAO
CA
Professional
Audit
Audit
Tax
Company Matters
Legal Compliances
Accounts
Statutory Audit
Internal Audit
Tax Audit (44AB, VAT etc.)
Special Audits
10/19/2013 blog.bharathraob.com
More work more pay
IS Audit
Design of Access, Process Controls
Implementation of ERP
Implementation of GRC
Forensic Audit
Legal Compliances and Frameworks for IT Governance:
Sarbanes-Oxley Act 2002 Sections 302 and 404
Companies Act 2013 Sections 134 and 143
ISO 27001
ISO 27002
ISO 27031
COBIT 5/COSO Framework

Terms
Risk
Internal Controls
Internal controls are the policies framed by management to establish strong and adequate control within the organization. The internal or statutory auditor can check them to ensure that the goals and objectives are duly met.
Components of Internal Controls
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Formula of Internal Control
General Controls
IS Controls
Internal Controls
IS Controls
Application Controls
IT General Controls
Objective of IS Controls
Maintaining Confidentiality
Preserving Integrity
Ensuring Availability
Application Controls
Application software is the software that processes business transactions.
The application software could be a payroll system, a retail banking system, an inventory system, a billing system or, possibly, an integrated ERP.
Application controls are controls that relate to the business applications, lead to judicious use of the application, and are enforced on the end user through the application itself.
Examples of Applications
General Ledger
Fixed Assets
Inventory Control
Sales
Manufacturing Resource Planning (MRP)
Human Resources
And everyone's favorite: Payroll

Types of Application Controls
Input Controls: Data Checks and Validations
Processing Controls: Duplicate Checks, File Identifications and Validations
Output Controls: Update Authorization
Integrity Controls: Data Encryption, Input Validation
Management Trail: Snapshots, Time Stamps
General Controls
ITGCs may also be referred to as General Computer Controls, which are defined as: Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications.
These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.
Areas of IT General Controls
Physical Access Data Center IS Security
SDLC and Change Management (CM)
Logical Controls
Backup and Recovery
End User Computing
The IS audit
Checking the Documentation of Policies, Processes
Understanding the solutions that are present other than business applications and their role
Reviewing Logs that are generated by applications
Testing and gathering of evidence based on Sampling
Screen shots, Photos, Email Conversations, Scans
RCM Risk control matrix
Link
Sampling
Suggested Sample Size

Nature of Control           | Frequency of Performance | Number of Items to Test per Year | Number of Items to Test per Quarter
Manual General Controls     | Many times per day       | 25                               | 6-7
Manual General Controls     | Daily                    | 20                               | 5
Manual General Controls     | Weekly                   | 10                               | 2-3
Manual General Controls     | Monthly                  | 3                                | 1
Manual General Controls     | Quarterly                | 2                                | 0-1
Manual General Controls     | Annually                 | 1                                |
Programmed General Controls | Test one instance of each programmed control activity.
Thank you
BHARATH RAO B
+91 96113 19421 | bharath@bharathraob.com
www.bharathraob.com
blog.bharathraob.com
/bharathraob