IS Audit Function Knowledge

Information Systems auditing is an ongoing process of evaluating controls and suggesting security measures in order to safeguard assets and resources, maintain data integrity, and improve system effectiveness and efficiency, so that the organization can attain its goals.

 

Understanding the organization’s business

Business Understanding refers to the profound knowledge and insight into the core aspects of an organization’s operations, its market, and its customers. It is the ability to grasp the intricacies of the industry, the competitive landscape, and the driving forces that shape the success of a business.


The Pillars of Business Understanding

  1. Industry Insights – Developing an in-depth understanding of the industry in which a business operates is crucial. This involves staying updated on emerging trends, studying market dynamics, and assessing the competitive landscape. By gaining insights into the industry, businesses can adapt and capitalize on new opportunities to stay ahead of the curve.
  2. Consumer Behavior – Weak online presence can hinder business growth. Consumer behavior encompasses the mental and physical activities that consumers engage in when searching for, evaluating, purchasing, and using products and services.
  3. Competitive Analysis – Thoroughly evaluating the strengths and weaknesses of competitors is vital for any business. Understanding the strategies and tactics employed by competitors helps identify gaps in the market and areas for differentiation.
  4. Internal Operations – Comprehensive knowledge of internal operations enables organizations to optimize processes and resources. This includes understanding the company’s structure, its workflows, and the roles and responsibilities of its employees.
  5. Risk Assessment – Anticipating and mitigating risks is a crucial aspect of Business Understanding. By identifying potential risks and assessing their potential impact, businesses can develop contingency plans and take proactive measures to minimize any negative consequences.

 

The IS audit role

The role of IT audit varies between companies, even when they are in the same industry. In other words, the role of IT audit cannot be made universal or equated to the whole company, because each company has a different IT audit universe and different IT audit characteristics. The role depends on how the company defines its IT audit universe and IT audit characteristics.

 

  • Objectively assess a company’s IT and/or business processes.
  • Assess the company’s risks and the efficacy of its risk management efforts.
  • Ensure that the organization is complying with relevant laws and statutes.
  • Evaluate internal controls that safeguard company assets and make recommendations on how to improve.
  • Assess business processes within organizations to identify improvements related to the accuracy, efficiency, reliability, and quality of the process and the resulting products and services.
  • Assure safeguards are in place to protect the organization’s resources.
  • Investigate fraud.
  • Document the results of audit procedures.
  • Communicate the findings, best practices, and recommendations to senior management.
  • Provide opinions on the overall results of internal audits (unqualified, qualified, adverse, or disclaimer).

Two types of Auditor

Internal IT auditor – Internal audits are often done to evaluate and improve the efficiency of existing systems, or to determine that information security policies and procedures are being followed correctly.

External IT auditor – An auditor who is not affiliated with your company. This type of audit is typically used by companies that want an unbiased opinion on their security measures or other aspects of their technology infrastructure, such as cloud storage solutions used by employees working remotely.

 

The IS auditor responsibility, authority and accountability

The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.

The auditor's authority refers to the access granted to carry out the audit effectively across every part that needs to be audited, so that the auditor can properly examine the organization's operational processes, records, and compliance with the law.

The auditor is, therefore, legally and criminally liable for fraud or breach of contract resulting from the audited financial statements. Accountability commands care, knowledge, and skills during accounting practice, since a slight omission or an act is tantamount to professional negligence.

 

Code of professional ethics, laws, and regulations

The Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct and behavioral expectations rather than specific activities.

Code of Ethics — Principles

  • Integrity – The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
  • Objectivity – Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
  • Confidentiality – Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
  • Competency – Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Rules of Conduct

  1. Integrity

1.1. Shall perform their work with honesty, diligence, and responsibility.

1.2. Shall observe the law and make disclosures expected by the law and the profession.

1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

 

  2. Objectivity

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

 

  3. Confidentiality

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2. Shall not use the information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

  4. Competency

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.

4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.
