Information System Audit and Control

Lecture No 1

Recommended Readings

• CISA Review Manual, ISACA Publications• Hunton, J.E., Bryant, S.M., and Bagranoff, N.A.,

Core Concepts of Information Technology Auditing, John Wiley & Sons, 2004.

• Champlain, J.J., Auditing Information Systems, John Wiley, 2003.

• Lecture Notes

Information System Audit

• The government organizations have become increasingly dependent on computerized information systems to carry out their day-to-day operations.

• IS Auditors evaluate the reliability of computer generated data supporting financial statements and analyze specific programs and their outcomes.

• IS Auditors also examine the adequacy of controls in information systems and related operations to ensure system effectiveness.

Information System Audit (Con’d)

• IS Audit is the process of collecting and evaluating evidence to determine whether an information system has been designed to maintain data integrity, safeguard assets, allows organizational goals to be achieved effectively, and uses resources efficiently.

• Data integrity relates to the accuracy and completeness of information as well as to its validity.

Information System Audit (Con’d)

• An error in the calculation of Income Tax to be paid by employees in a manual system will not occur in each case but once an error is introduced in a computerized system, it will affect each case.

• A bank may suffer huge losses on account of an error of rounding off to the correct number of digits.

Information System Controls

• Controls in a computer information system reflect the policies, procedures, and practices designed to provide reasonable assurance that objectives will be achieved.

• The controls in a computer information system ensure effectiveness and efficiency of operations, reliability of financial reporting and compliance with the rules and regulations.

Information System Controls (Con’d)

• General Controls– controls over data center operations, system

software acquisition and maintenance, access security, and application system development and maintenance.

• Application Controls– controls that help to ensure the proper

authorization, completeness, accuracy, and validity of transactions, maintenance, and other types of data input.

Significance of IS Controls

• The IS Controls overcome the following problems.– Data loss due to file damage, data corruption

(manipulation), fire, power failure (or fluctuations), viruses etc.

– Errors in software which can cause damage as one transaction in a computer system may affect data everywhere.

– Computer abuse like fraud, negligent use etc.