IS Audit and Internal Controls
DESCRIPTION
Information Systems Audit is now an emerging field for Chartered Accountants and other Auditing Professionals. This presentation describes in brief the relation between Internal Controls and IS Audit. This is a basic presentation for understanding the concept of IS Audit for those who are new to the field. Please send in your valuable suggestions and comments to [email protected]
TRANSCRIPT
IS Audit and Internal Controls
BHARATH RAO
blog.bharathraob.com
CA Professional
• Audit
• Tax
• Company Matters
• Legal Compliances
• Accounts
Audit
• Statutory Audit
• Internal Audit
• Tax Audit (44AB, VAT etc)
• Special Audits
10/19/2013
More work more pay
• IS Audit
• Design of Access, Process Controls
• Implementation of ERP
• Implementation of GRC
• Forensic Audit
• Legal Compliances and Frameworks for IT Governance:
  • Sarbanes-Oxley Act 2002 – Section 302 and 404
  • Companies Act 2013 – Section 134 and 143
  • ISO 27001
  • ISO 27002
  • ISO 27031
  • COBIT 5/COSO Framework
Terms
Control
• Design
• Operation
Risk
Process
Internal Controls
Internal controls are policies framed by management to establish strong and adequate control within the organization. The internal or statutory auditor can check them to ensure that the goals and objectives are duly met.
Components of Internal Controls
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Formula of Internal Control
General Controls
IS Controls
Internal Controls
IS Controls
• Application Controls
• IT General Controls
Objective of IS Controls
Maintaining Confidentiality
Preserving Integrity
Ensuring Availability
Application Controls
Application software is the software that processes business transactions.
The application software could be a payroll system, a retail banking system, an inventory system, a billing system or, possibly, an integrated ERP.
Application controls are controls that relate to the business applications, lead to judicious use of the application, and are enforced on the end user through the application itself.
Examples of Applications
• General Ledger
• Fixed Assets
• Inventory Control
• Sales
• Manufacturing Resource Planning (MRP)
• Human Resources
• And, everyone’s favorite – Payroll…
Types of Application Controls
• Input Controls: Data Checks and Validations
• Processing Controls: Duplicate Checks, File Identifications and Validations
• Output Controls: Update Authorization
• Integrity Controls: Data Encryption, Input Validation
• Management Trail: Snapshots, Time Stamps
General Controls
ITGCs may also be referred to as General Computer Controls which are defined as: Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications.
These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.
Areas of IT General controls
• Physical Access
• Data Center
• IS Security
• SDLC and Change Management (CM)
• Logical Controls
• Backup and Recovery
• End User Computing
The IS audit
• Checking the documentation of policies and processes
• Understanding the solutions that are present other than business applications, and their role
• Reviewing logs that are generated by applications
• Testing and gathering of evidence based on sampling
  • Screen shots, Photos, Email Conversations, Scans
RCM – Risk control matrix
• Link
Sampling
Suggested Sample Size

| Nature of Control | Frequency of Performance | Number of Items to Test (Annual) | Number of Items to Test (Quarter) |
|---|---|---|---|
| Manual General Controls | Many times per day | 25 | 6-7 |
| Manual General Controls | Daily | 20 | 5 |
| Manual General Controls | Weekly | 10 | 2-3 |
| Manual General Controls | Monthly | 3 | 1 |
| Manual General Controls | Quarterly | 2 | 0-1 |
| Manual General Controls | Annually | 1 | |
| Programmed General Controls | Test one instance of each programmed control activity. | | |
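
An added example (not from the original slides) of applying the annual column of the table above: it looks up the number of items to test, draws a reproducible random selection from the population of control occurrences, and flags a population smaller than the required sample. The ticket identifiers, the `seed` parameter and the function names are assumptions made for illustration.

```python
import random

# Annual sample sizes for manual general controls, copied from the table above.
ANNUAL_ITEMS_TO_TEST = {
    "many times per day": 25, "daily": 20, "weekly": 10,
    "monthly": 3, "quarterly": 2, "annually": 1,
}

def required_sample_size(nature, frequency=None):
    """Return how many occurrences of a control to test for the year."""
    if nature == "programmed":
        return 1  # test one instance of each programmed control activity
    if nature != "manual":
        raise ValueError(f"unknown nature of control: {nature!r}")
    key = (frequency or "").strip().lower()
    if key not in ANNUAL_ITEMS_TO_TEST:
        raise ValueError(f"unknown frequency of performance: {frequency!r}")
    return ANNUAL_ITEMS_TO_TEST[key]

def select_sample(population, nature, frequency=None, seed=0):
    """Pick the occurrences to test and return a working-paper record.

    population: identifiers of every occurrence of the control in the year.
    seed: recorded so a reviewer can re-run the selection and get the same
          items (an assumption of this example, not something from the slides).
    """
    items = sorted(set(population))  # stable order, no duplicates
    required = required_sample_size(nature, frequency)
    drawn = random.Random(seed).sample(items, min(required, len(items)))
    return {
        "population_size": len(items),
        "required": required,
        "selected": sorted(drawn),
        "seed": seed,
        # Fewer occurrences than the required sample: test them all and note it.
        "shortfall": len(items) < required,
    }

# Constructed population: daily backup-review tickets for one year.
BACKUP_REVIEWS = [f"BKP-2013-{n:03d}" for n in range(1, 251)]

if __name__ == "__main__":
    record = select_sample(BACKUP_REVIEWS, "manual", "Daily", seed=2013)
    print(record["required"], record["selected"][:5])
```

Recording the seed with the selection lets a reviewer confirm that the tested items were not hand-picked.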
Thank you
• BHARATH RAO B
• +91 96113 19421 | [email protected]
• www.bharathraob.com
blog.bharathraob.com/bharathraob