Information Technology Reference
In-Depth Information
existence and effectiveness of IT controls. Once IT controls are determined to be effective,
financial auditors may consider going ahead with the audit and review financial data.
IT general controls audits can also be performed to give a general assurance to management
on the effectiveness of IT controls without any additional specialised audits. Management
might want to just have a general picture of existing IT controls and their effectiveness.
The IT general controls audit will be reviewed in more detail in chapter 10.
Application Systems Controls Audit
This is an examination of IT controls in an application system such as an accounting pack-
age or ERP system. An application systems controls audit involves examining specific ap-
plication systems used to automate business processes. An enterprise might have one or
more application systems which are used to operate the business. In many cases, enterprises
today are opting for integrated systems, such as ERP systems, compared to using non-in-
tegrated systems which require multiple data input.
There are a number of areas which are covered during an application systems controls
audit, such as input controls, processing controls, output controls, access controls, and dis-
aster recovery procedures.
Application systems controls audits can either be conducted in conjunction with an IT gen-
eral controls audit or a specialised audit. An application systems controls audit is specific
to a particular business process or processes and requires specialised skills. It is normally
recommended that an IS auditor auditing a financial system should also have training in
that particular application system in addition to having general IS auditing skills. This topic
will be considered in more detail in chapter 11.
IT Governance Audit
IT governance is about ensuring that IT is aligned and supports business goals, good man-
agement of IT risk, appropriate investment in IT infrastructure, and use of IT to achieve a
competitive advantage or creation of business opportunities. Enterprises that have imple-
mented IT governance have witnessed a number of new opportunities. You may have also
noticed that small or medium enterprises would not like to remain behind in the effective
use of IT which results from implementing IT governance.
When auditing an IT governance framework, IS auditors focus on areas such as involve-
ment of the board of directors in IT governance, investment in IT, how regular IT is dis-
cussed at board and management levels. The IS auditor would also look at how IT strategy
is aligned to business strategy. One other important area is to assess how IT governance is
translated into IT management and operational strategies at management and operational
levels. This topic will be reviewed in more detail in chapter 5.
Search WWH ::
Custom Search