Information Technology

Audit
Overview
Edhen O. Manzanares, CPA, CISA, CRISC

The need for information

technology auditors far

outstrips the supply of

qualified candidates

Kenneth P. Laury and John F. Cronin. Need and Supply is Unbalanced,

Information Systems Control Journal, p.44
IT Audit Overview

Salary Trends

IT Audit Overview

Its not about the money

BUT IF YOU REALLY WANT TO KNOW...

IT Audit Overview

Monetary Motivation

IT Audit Overview

Its not about the money, money, money

The Institute of Internal
Auditors survey of 2012
showed that IT Auditors
with a CISA
certification earn a
higher salary than
those with the CIA
certification.
The main reason
behind this being the
CISA goes into greater
technical detail and is
more geared towards
information technology
in comparison to the
CIA.

Robert Half Survey: IT Auditor vs

Internal Auditor Salary (2015)

1- 3 yrs experience

IT Audit Overview

4 + yrs experience

Source: https://itauditsecurity.wordpress.com/2013/03/04/cisa-vs-cia-certification/

IT on Organizations
Enterprise Governance
Process of setting and implementing
corporate strategy, ensuring that the
organization achieves its objectives
efficiently and manage risks

IT Audit Overview

IT ON ORGANIZATIONS
IT Governance
Objective is to set strategies for IT so that it
is closely aligned with organizational
goals and
To use it for maximum opportunity but
minimum risk

IT Audit Overview

IT GOVERNANCE FRAMEWORK
Provide
Direction

IT Activities

Set Objectives
IT is aligned with the
business
IT enables the business &
maximize benefits
IT resources are used
responsibly
IT-related risks managed
appropriately

IT Audit Overview

Compare

Measure
Performance

Increases automation
(make the business
effective)
Decrease cost (make
enterprise efficient)
Manage risks (security
reliability and
compliance)

10

IT & TRANSACTION PROCESSING

Businesses are involved in and affected by
many events. As these events occur, the
information system collects data about
them.
The information systems in an organization are
involved in a continual process of collecting
data about transactions and turning it into
information, which it reports to various
stakeholders.

IT Audit Overview

11

IT & TRANSACTION PROCESSING

A computerized IS for transaction
processing may decrease some risks and
increase others.

Risk

IT Audit Overview

Information
System

Risk

12

The work of an IT Auditor

Is there an internal IT auditor?
IT

auditors give assurance or provide

comfort over just about anything related to
information systems.

IT Audit Overview

13

Types of IT Auditor engagements

Evaluating controls over specific applications.
Providing

assurance over specific processes.

Providing

third-party assurance.

Penetration

testing.

Supporting

financial audit.

Searching

IT Audit Overview

for IT-based fraud.

14

Financial statement audit

VS IT Audit
FS AUDIT
evaluate whether
an organization is
adhering to
standard
accounting
practices

Information Technology Audit

IT AUDIT
evaluate the
system's internal
control design
and effectiveness

15

Financial audit process

Develop an
understanding of the
client and perform
preliminary audit
work

Develop audit plan

Evaluate the internal

control system

IT Audit Overview

IT auditors evaluate
complexity of IT

IT auditors work with

financial auditors to
develop audit plan

IT auditors and financial

auditors jointly evaluate
the internal control
system
16

Financial audit process

Determine degree of
reliance on internal
controls

IT auditors and
financial auditors
jointly determine this

Perform substantive
testing

IT auditors may perform

some data analysis or
CAAT routines to assist
financial auditors.

IT Audit Overview

17

Financial audit process

Review work and issue
audit report

IT auditors review report

and write report to
management with ITrelated recommendations.

Conduct follow-up
work

IT auditors work with

management and financial
auditors on follow-up.

IT Audit Overview

18

SAS No. 94
The effect of information technology on
the Auditors consideration of internal
control in a Financial Statement Audit.

Requires auditors to understand both manual

& computerized processes for FS preparation
and to recognize the additional risks and
benefits of IT relative to internal control.

IT Audit Overview

19

Sarbanes-Oxley Act of 2002

Mandates that management assess and make

representation about internal controls.

Auditors will need to test those controls and

provide assurance about managements
representations.

IT Audit Overview

20

Prepping for life after school

IT Audit Overview

21

IT Audit Skills
Educational requirements
Certifications
Technical
General

IT Audit Overview

(CPA, CIA, CFE, CISA, CISSP)

Skills

Personal and Business skills

22

What is the most important it audit skill?

IT Audit Overview

23

IT auditing is a growing field. Technology

is changing daily and increasingly
impacting businesses and other entities.
So if IT is becoming more and more
pervasive and complex, and if the need
for auditing is on the rise, then IT auditors
are going to be in demand.
IT Audit Overview

24