Database Reference
In-Depth Information
IT Audit
IT Audit provides assurance over the effectiveness of information technology
controls. IT controls mitigate the risk of computer generated data that can impact
financial and operational results. In this chapter, we will:
• Describe IT Audit activities
• Provide an approach for managing the IT Audit program; and
• Review examples of automating Audit activities using Oracle GRC Controls
applications—Access Controls Governor, Transaction Controls Governor,
Change Controls Governor, and Preventive Controls Governor
As many organizations run their business on enterprise applications, such as Oracle
E-Business Suite, PeopleSoft, JD Edward, the auditors must include IT controls
within the scope of the overall audit program. Auditors should be familiar with how
the IT controls work and also have the right approach and tools to assess the control
over enterprise applications and computer systems that store, process, and report
business information. Well designed IT controls can improve the audit effectiveness
and accuracy while speeding by with the audit work plan. For example, auditors
can test the segregation of duty controls in a purchasing application to ensure that
access to enter a supplier is separated from the access to make a payment to the
same supplier. Access controls testing tool can be of great value to the auditor in
performing such an important task to ensure that the adequate controls exist. IT
controls should be selected in a similar manner to business controls based on the
risk assessed so as to reduce the impact of identified risks to acceptable levels.
IT Audit activities include planning, assessment, remediation, and monitoring
of the computer system controls. These activities should enable the auditors and
management to determine the design and operating effectiveness of computer
system controls that maintain accuracy and completeness of information, safeguard
assets, and mitigate the risks in achieving organizational objectives. An effective IT
controls environment can also help the management improve business performance
by monitoring controls within significant business processes such as Procure-to-Pay,
Order to Cash, and Hire to Retire.
Search WWH ::
Custom Search