Chapter 7,8,10 As system complexity and our dependence on them increase, companies face the growing risk of their systems being compromised. What are the threats a company faces? Or what are the threats to ais?


What is risk based audit approach Illustrate a logical framework for carrying out an audit



Download 0.52 Mb.
View original pdf
Page10/11
Date17.12.2020
Size0.52 Mb.
#55473
1   2   3   4   5   6   7   8   9   10   11
Chapter 7,8,10
15. What is risk based audit approach Illustrate a logical framework for carrying out an audit.
The risk-based approach provides auditors with a clearer understanding of the fraud and errors that can occur and the related risks and exposures. The following internal control evaluation approach, called the risk-based audit approach, provides a framework for conducting information system audits
1. Determine the threats (fraud and errors) facing the company. This is a list of the accidental or intentional abuse and damage to which the system is exposed.
2. Identify the control procedures that prevent, detector correct the threats. These are all the controls that management has put into place and that auditors should review and test, to minimize the threats.
3. Evaluate control procedures. Controls are evaluated in two ways a. A systems review determines whether control procedures are actually in place. b. Tests of controls are conducted to determine whether existing controls work as intended.
4. Evaluate control weaknesses to determine their effect on the nature, timing, or extent of auditing procedures. If the auditor determines that control risk is too high because the control system is inadequate, the auditor may have to gather more evidence, better evidence, or more timely evidence. Control weaknesses in one area maybe acceptable if there are compensating controls in other areas.
16. Explain the following terms (i) Concurrent audit techniques (ii) Embedded audit modules

Download 0.52 Mb.

Share with your friends:
1   2   3   4   5   6   7   8   9   10   11




The database is protected by copyright ©ininet.org 2024
send message

    Main page