Essay About Audit Process And Application Controls

The Audit Process and System Development Life Cycle
Table of ContentsThe Audit Process:        Technology Basics:        System Development Life Cycle (SDLC):        System Implementation and Operations:        The Audit Process:1) List and explain the six major data gathering tools and approaches used by an auditorStaff Observation – this can be a powerful form of evidence if the auditor is effective and well educated in the task that is being performed.  Observation is an excellent method to gain insight into the internal working process of the employees.Surveys – Not as a reliable form of obtaining audit evidence since answers from a survey could be from a skewed perspective or people will answer questions they believe the auditor wants to hear.  Conducting a survey is a cheap and simple preliminary insight into the organization at the beginning of the audit.  However, as the audit progresses conducting a survey tend to provide unreliable analysis due to the lack of consistency and resulting trustworthiness of the answers. Document Review – Perhaps the most formal data gathering tool there is due to the legal and regulatory laws present, in which the organization has to abide by.  Auditor should review any related legal documentation in conjunction with contracts and policies.  The evidence rule will apply – presence of policies and documents doesnt necessarily mean they are actually in use.Interviews – Selected personnel appropriate and purposeful to meet the objective of the audit is excellent form of engagement as well as being meaningful to extract information.  Ensure that adequate preparation and consistent questions are in alignment with the objective of the audit interview.   Workshops – workshops produce mixed results and could be really effective over interviews if organized appropriately in getting the attention and participation from the audit committee.  Normally, workshops facilitates understanding and awareness.Computer Assisted Audit Tools (CAATs) – impressive new auditing software tools are exceptional support for auditors to examine configurations settings, parameters of account, system logs and other time-consuming analysis of data.2) Distinguish between general, pervasive and application controls providing two examplesGeneral controls is the overall parent class of controls governing all areas of the business and include segregation of duties to prevent employees from breaching any level of authority to possibly committing fraud — this would be considered preventative control.  Another example would be to continuously monitor the workers and work environment — this would be considered detective control.Pervasive controls is tailored to the technology sector and are a subset of general controls focused on managing and monitoring a specific technology and govern the operation of the information system duties.  Two examples demonstrating pervasive control is disaster recovery and continuity planning and security administration which are corrective and preventative controls respectively.Application controls is the lowest subset of the internal control hierarchy and are normally embedded into programs.  At this point, all activities should have filtered through the general controls to the pervasive controls, before it reaches the application control level.  Two examples demonstrating application control is intrusion detection system (IDS) and biometrics for identification which are both detective controls respectively.3) Computer Assisted Auditing Tools (CAATs) and advantages/disadvantagesHost evaluation tools has the ability to diagnose the system configuration settings and detect the host for any vulnerabilities in the system.  These exception can be further tested to determine if vulnerabilities could produce information that is material in nature and potentially cause misstatement in the financial statements.Sniffer or packet analyzer as a tool to perform protocol analysis and examine network traffic passing through a digital network.Password testing to isolate user login account who fail to create a password that is compliant with company policies.The advantages of using CAAT is that IS auditors can utilize and test the reliability of client system with an increasing sophistication of tools that can be automated saving a tremendous amount of time examining and evaluating the clients system applications.  In addition, normally the automated CAAT tool will produce accuracy of audit tests and testing procedures can be completed with more efficiency, which will result in cost effective audits.  Lastly, CAAT is able to independently run and access the data stored on a computer system without depending on the client to provide sufficient database.