By: Catherine Chase
Instructor: Khatrina Higgs, CPA
Understanding the audit process and how auditors operate is vital since it informs IT managers how to develop an environment that is compliant. More importantly, this brief will discuss the role of the auditor and its responsibilities as well as expand on the role and responsibilities of management during and after the audit. This brief will also focus on the methodologies of how auditors conduct the IT audit process and the specifics that are involved in performing an audit as well as the responsibilities of management. Financial Audit vs. IT Audit
The primary objective of a financial statement audit is to ensure that an organization’s financial statements are presented in manner according to generally accepted accounting principles (GAAP). During an engagement, auditors of financial statements analyze a business entity’s internal control system to assess the degree to which it appears to be operating effectively. As an example, an internal control system might call for the separation of duties with respect to processing accounts receivables. In this situation, a financial auditor may inspect the job descriptions for these positions to ensure that the separation of duties exists (Canning, 2006).
The degree to which an organization has an effective internal control system influences the scope of work the auditor must do. This work includes substantive testing or verification of transactions and account balances, which in today’s complex IT environments necessitate an evaluation of the information system as part of the financial audit, and ensures that financial auditors have considered all risks and controls (Canning, 2006). Unlike a financial audit, a IT audit is an examination of the controls within an Information technology (IT) infrastructure. The evaluation of evidence obtained determines if the information systems are...