PrEUIS - Week 1 - Lesson 1 & 2 PDF
Ateneo de Davao University
This document outlines information systems audit (IS Audit) standards, guidelines, and business processes. It covers topics like IS auditing standards, control objectives for information related technology (COBIT), and different business processes like hire-to-retire, order-to-cash, and procure-to-pay.
Lesson 1 & 2: IS Audit Standards, Guidelines, and Code of Ethics | Business Processes

IS AUDIT STANDARDS

IS Auditing Standards Overview

The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically to IS auditing.

Control Objectives for Information and related Technology (COBIT)

COBIT is an information technology (IT) governance framework and supporting tool set that allows managers to bridge the gaps amongst control requirements, technical issues and business risks.

COBIT enables clear policy development and good practice for IT control throughout organizations. It emphasizes regulatory compliance, helps organizations increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework's concepts.

IS Auditing Standard

Professional Independence

In all matters related to the audit, the IS auditor should be independent of the auditee in both attitude and appearance.

Organisational Independence

The IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment.

Planning

The IS auditor should plan the information systems audit coverage to address the audit objectives and comply with applicable laws and professional auditing standards.

The IS auditor should develop and document a risk-based audit approach.

The IS auditor should develop and document an audit plan detailing the nature and objectives, timing and extent, and resources required.

The IS auditor should develop an audit program and/or plan detailing the nature, timing and extent of the audit procedures required to complete the audit.

Supervision

IS audit staff should be supervised to provide reasonable assurance that audit objectives are accomplished and applicable professional auditing standards are met.

Evidence

During the course of the audit, the IS auditor should obtain sufficient, reliable and relevant evidence to achieve the audit objectives. The audit findings and conclusions are to be supported by appropriate analysis and interpretation of this evidence.

Documentation

The audit process should be documented, describing the audit work performed and the audit evidence that supports the IS auditor's findings and conclusions.

IS AUDIT GUIDELINES

Audit Materiality

The IS auditor should consider audit materiality and its relationship to audit risk while determining the nature, timing and extent of audit procedures.

While planning for the audit, the IS auditor should consider potential weakness or absence of controls and whether such weakness or absence of control could result in a significant deficiency or a material weakness in the information system.

Audit risk is the risk of the IS auditor reaching an incorrect conclusion based upon audit findings. The IS auditor should also be aware of the three components of audit risk, namely, inherent risk, control risk and detection risk.

While planning and performing the audit, the IS auditor should attempt to reduce audit risk to an acceptably low level and meet the audit objectives. This is achieved by appropriate assessment of IS and related controls.

Nature of Audit Evidence

Audit evidence should be sufficient, reliable, relevant and useful to form an opinion or support the IS auditor's findings and conclusions. If, in the IS auditor's judgement, the audit evidence obtained does not meet these criteria, the IS auditor should obtain additional audit evidence.

Gathering Audit Evidence

Procedures used to gather audit evidence vary depending on the information system being audited. The IS auditor should select the most appropriate, reliable and sufficient procedure for the audit objective.

The following procedures should be considered:
▪ Inquiry
▪ Observation
▪ Inspection
▪ Confirmation
▪ Reperformance
▪ Monitoring

Audit Documentation

Audit evidence gathered by the IS auditor should be appropriately documented and organised to support the IS auditor's findings and conclusions.

BUSINESS PROCESSES

Overview

A business process refers to a set of activities that must be performed to complete an end-to-end business scenario.

▪ Hire to Retire
▪ Order to Cash
▪ Procure to Pay
▪ Inventory to Deliver
▪ Plan to Produce
▪ Acquire to Dispose
▪ Record to Report
▪ Close, Consolidate and Report

Hire to Retire

The hire to retire process, also known as the employee lifecycle, is a critical business process that involves various activities from recruiting and onboarding employees to their separation from a company.

This includes:
a. Defining organizational structure and planning
b. Recruiting the workforce
c. Onboarding of hired employees
d. Management of the employee lifecycle - performance management, career development, and succession planning
e. Administration - managing time, compensation, leave and absence, and expenses for the workforce
f. Separation - including benefits management, offboarding, exit interviews and collection of company property

Order to Cash

The order to cash business process includes everything that happens in an organization from when a customer places an order until the payment is received and settled with the invoice.

This includes:
a. Managing pricing and contracts
b. Creating and managing sales orders
c. Fulfillment of sales orders
d. Issuing customer invoices
e. Processing of customer rebates and recording customer payments
f. Monitoring customer credit and collections

"Turn the rejections you receive into others' regrets." - JDG, CPA