MGTD60 Midterm.docx

55 Pages
160 Views
Unlock Document

Department
Financial Accounting
Course
MGAD10H3
Professor
P.Yien/ K.Jackson
Semester
Summer

Description
Chapter One Introduction to IT Auditing IT Governance the process for controlling an organizations IT resources, including information and communication systems, and technology. using IT to promote an organizations objectives and enable business processes and to manage and control IT related risks. CobiTs IT Governance Management Guideline Identifies critical success factors, key goal and performance indicators, and an IT governance maturity model. IT governance framework begins with setting IT objectives and measures and compares performance against them. IT and Transaction (Tx) Processing The IS collects transaction data The IS turns data into information Computerized Tx systems increase some risks and decrease others What do IT auditors do? Ensure IT governance by assessing risks and monitoring controls over those risks Works as either internal or external auditor Works on many kind of audit engagements Financial vs IT Audits IT auditors may work on financial audit engagements IT auditors may work on every step of the financial audit engagement Standards, such as SAS No. 94, guide the work of IT auditors on financial audit engagements IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important IT Audit Skills College education IS, computer science, accounting Certifications CPA, CFE, CIA, CISA, CISSP, and special technical certifications Technical IT audit skills specialized technologies General personal and business skills Professional Groups and Certifications Alphabet Soup ISACA CISA IIA CIA ACFE CFE AICPA CPA and CITP How to Structure an IT Audit AICPA Standards and Guidelines GAAS, SAS, and SSAE IFAC Guidelines harmonized or common international accounting standards and guidelines ISACA standards, guidelines, and procedures includes CobiT and audit standards An Overview of the Book Section I an introduction to IT audit, the legal and ethical environment of the IT audit, introduction to risks and controls Section II risks over specific processes and technologies deployment of IS, operation of IS, network systems, and e-business systems Section III how to do an It audit use of CAATs and a step-by-step IT audit Appendices ACL tutorial and IT audit glossary Chapter Two Ethical & Legal Issues (Intro) Why a Code of Ethics? Not all people act ethically under all circumstances. Written guidelines are not a guarantee, but ethical codes help keep honest people honest! Six Good Reasons for Organizations to Develop Codes of Ethical conduct. 1. Define acceptable behaviors for relevant parties; 2. Promote high standards of practice throughout the organization; 3. Provide a benchmark for organizational members to use for self evaluation; 4. Establish a framework for professional behavior, obligations and responsibilities; 5. Offer a vehicle for occupational identity; 6. Reflect a mark of occupational maturity. Ten Ethical Standards set forth by ISACA 1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems. 2. Serve in the interest of relevant parties in a diligent, loyal and honest manner, and shall not knowingly be a party to any illegal or improper activities. 3. Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties. 4. Perform their duties in an independent and objective manner and avoid activities that impair, or may appear to impair, their independence or objectivity. 5. Maintain competency in their respective fields of auditing and information systems control. 6. Agree to undertake only those activities which they can reasonably expect to complete with professional competence. 7. Perform their duties with due professional care. 8. Inform the appropriate parties of the results of information systems audit and/or control work performed, revealing all material facts known to them, which if not revealed could either distort reports of operations or conceal unlawful practices. 9. Support the education of clients, colleagues, the general public, management, and boards of directors in enhancing their understanding of information systems auditing and control. 10. Maintain high standards of conduct and character and not engage in acts discreditable to the profession. Failure to comply: Can result in investigation Ultimately in disciplinary action IRREGULAR AND ILLEGAL ACTS Irregular act: reflects an intentional violation of corporate policies or regulatory requirements or an unintentional breach of law Illegal act: represents a willful violation of law EXAMPLES Fraud Computer crimes Nonconformity with agreements & contracts between the organization & third parties Violations of intellectual property rights Noncompliance with other regulations & laws. Who is responsible for prevention, detection, and reporting? Management is responsible for the prevention and detection of irregular and illegal acts, not the IT auditor. Characterization should be made by qualified expert. CPA s are qualified to determine if acts are material to financial statements. What is the IT Auditors Responsibility? ISACA guideline : IT auditors are not qualified to determine whether an irregular, illegal or erroneous act has occurred. Overview of Responsibilities 1. Plan the IT audit engagement based on an assessed level of risk that irregular and illegal acts might occur, and that such acts could be material to the subject matter of the IT auditors report. 2. Design audit procedures that consider the assessed risk level for irregular and illegal acts. 3. Review the results of audit procedures for indications of irregular and illegal acts. 4. Report suspected irregular and illegal acts to one or more of the following parties: The IT auditors immediate supervisor and possibly corporate governance bodies, such as the board of directors or audit committee; Appropriate personnel within the organization, such as a manager who is at least one level above those who are suspected to have engaged in such acts. If top management is suspected, then refer to corporate governance bodies only. Legal counsel or other appropriate external experts. 5. Assume that the act is not isolated; 6. Determine how the act slipped through the internal control system; 7. Broaden audit procedures to consider the possibility of more acts of this nature;
More Less

Related notes for MGAD10H3

Log In


OR

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


OR

By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.


Submit