Computer Audit Essentials: Key Concepts and Objectives
Computer Audit Essentials
1. Computer Audit: The process of collecting and evaluating evidence to determine when assets are safeguarded by computer systems.
2. Essential Auditor Skill: Communicate effectively and provide appropriate treatment to people.
3. Requirement for Good Planning: Obtain an overview of the organization and the function to be evaluated.
4. Planning Process Components: Goals, audit work programs, personal contract plans, and reports of activities.
5. Objectives of Information Audit:
- Assessment of computer equipment.
- Security and confidentiality of information.
- System evaluation procedures.
6. Preliminary Review Defined: The collection of evidence through interviews with facility personnel, observation of activities, and review of documentation.
7. Preliminary Review Objective: To obtain the information necessary for the auditor to decide whether to proceed with the audit.
8. Detailed Review Objective: To obtain information necessary for the auditor to have a thorough understanding of the controls used in the computer area.
9. Computing Review and Evaluation Process: Obtain information on all matters relating to the objectives and scope of the audit.
10. Purpose of Substantive Testing Phase: Obtain sufficient evidence to enable the auditor to issue guidelines on the conclusions about when ordering materials may occur during the procedure of information.
11. Four Substantive Tests:
- Ensure data quality.
- Identify the consistency of the data.
- Confirmation of data with external sources.
- Tests to determine the lack of security.
12. Three System States for Auditor Participation:
- During the system design.
- During the operation phase.
- During the post-audit.
13. Reasons for High-Risk Delivery Systems:
They are susceptible to different types of economic loss, are high-cost systems, or are point systems or advanced technology.
14. Preliminary Investigation in Computer Audit:
Begin with a visit to the agency, the area of computer and computer equipment, and request a packet.
15. Levels to Request for Analysis and Sizing of the Structure to be Audited:
Total organizational levels, the fields of information, technical and material resources, and systems.
16. Most Important Element in Planning the Computer Audit:
Personnel involved.
17. Important Characteristics in Planning the Computer Audit:
Short-term objectives, manual of the organization, background, and general policies.
18. Documents to Request on Computers, Their Number, and Characteristics:
Material and technical resources.
19. Features of People Involved as Collaborators in the Audit:
Computer technician and experience.
20. Tool Available for Testing of Internal Control:
Using questionnaires, interviews, tours, and reviews.