Wednesday, 19 April 2017

IT Audit & Types of IT Audit

Software Application Development Company

The word ‘audit’ derives from the Latin word ‘audire’, which means ‘to hear’. The practice of accounting and auditing has existed since the time of the ancient Egyptians, Greeks and Romans. Auditing was also practised in ancient India. Kautilya’s ‘Arthashastra’, which dates to the 4th century BC in the Mauryan period, carries great importance. He stated that the head of finance and the head of audit should each report independently and individually to the king.

The Comptroller and Auditor General of India was formerly called the Accountant General to the Government of India in 1858 and was later labelled the Auditor General of India in 1860. The Constitution Act, 1950, re-designated the Auditor General as Comptroller and Auditor General. It is understood that the first use of a computerized accounting system was at General Electric in 1954. The industry soon recognized that it needed to develop its own software, and the first of the generalized audit software (GAS) was developed. Information Technology Auditing (IT auditing) began as Electronic Data Processing (EDP) Auditing and developed largely as a result of the rise of technology in accounting systems.

In 1977, the first edition of Control Objectives was issued. This publication is now known as Control Objectives for Information and related Technology (CobiT). CobiT is the set of commonly accepted IT control objectives for IT auditors. In 1994, the Electronic Data Processing Auditors Association (EDPAA) changed its name to Information Systems Audit and Control Association.

IT Audit is defined as the procedure of collecting and evaluating evidence to decide whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.

Let’s look at various types of IT audit that are conducted in software companies in India:

  • Financial audits
A third-party inspection of a company's financial records and reporting. Its objective is to review the financial statements and to state whether these statements offer a factual view of the transactions performed by an organization.

  • Operational audits
A future-oriented, systematic, and independent assessment of organizational activities of software companies in India. Financial data may be used, but the key sources of evidence are the operational policies and accomplishments related to organizational objectives. Internal controls and efficiencies may be assessed during this type of review.

  • Integrated Audit
This is a combination of an operational audit, a department review, and an IS audit application controls review.

  • Forensic audits
An investigation and evaluation of a firm's or individual's financial facts for use as evidence in court. A forensic audit can be conducted in order to accuse a party of fraud, misuse or other financial claims.

  • Investigative audits
This is an audit that takes place as a consequence of a report of unusual or doubtful activity on the part of an individual or a department of a C# software company in India. It usually focuses on specific aspects of the work of a department or individual.

  • Compliance audit
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants assess the strength and thoroughness of compliance. For example, you may decide whether the business is complying with U.S. Environmental Protection Agency (EPA) standards on the clearance of toxic waste. Or you may look at whether a credit card company is following federal law with regard to charging its cardholders permissible fees and interest.

IT Audit helps ASP.NET software companies in India in numerous ways, such as:

  • Protecting assets: hardware, software, people, files
  • Preserving data integrity
  • Allowing organizational goals to be accomplished effectively and resources to be used efficiently
  • Complying with regulatory and legal requirements
  • Continuous improvement

Important terminologies used in IT Audit

IT Audit is defined as the procedure of collecting and evaluating evidence to decide whether a computer system defends assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.

Here are the important terminologies used in IT Audit by the majority of software companies in India:

Audit - An audit is an evidence-collecting process. Audit evidence is used to assess how well audit criteria are being met. Audits must be objective, unbiased, and independent, and the audit process must be both systematic and documented.

Auditee - An auditee is an organization (or section of an organization) that is being audited. Organizations can comprise companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.

Auditor - An auditor is a person who conducts audits. Auditors gather evidence in order to evaluate how well audit criteria are being met. They must be objective, unbiased, independent, and proficient.

Audit client - An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or the audit program leader, whereas external audit clients can include regulators, customers or any other stakeholders that have a legitimate or contractual right or responsibility to carry out an audit.

Audit criteria - Audit criteria comprise policies, procedures, and requirements. Audit evidence is used to decide how well audit criteria are being fulfilled, that is, how well policies are being implemented, how well procedures are being executed, and how well requirements are being met.

Audit evidence - Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria contain policies, procedures, and requirements.

Audit findings - Audit findings result from a process that evaluates audit evidence and compares it against audit criteria. Audit findings can demonstrate that audit criteria are being fulfilled (conformity) or that they are not being fulfilled (nonconformity).

Assertion - Assertions, or management assertions, in auditing simply mean what management claims. For example, if management declares that internal controls are effective, then it is a claim or assertion made by management.

Confirmations - The receipt of a documented or verbal response from an independent third party.

Reperformance - Reperformance involves rechecking a sample of the computations and transfers of data. Rechecking of computations comprises testing mathematical accuracy.

Audit charter - It refers to a document prepared by an organization for internal control and audit, which clearly states the management’s responsibility, authority and accountability for IS audit. An audit charter is a charter that establishes an internal audit department for an existing software company in India.

Responsibility covers:
  • Mission
  • Scope
  • Independence
  • Auditee’s requirements

Authority covers:
  • Right of access to information, personnel, locations and systems applicable to the performance of audits
  • Functions to be audited
  • Organizational structure, including reporting positions to board and senior management

Accountability addresses:
  • Designated/intended recipients of the report
  • Assessment of compliance with standards
  • Agreed completion dates
  • Agreed budgets
  • Agreed actions, e.g. penalties when either party fails to carry out its responsibility

Follow-up - Review of decisions, i.e. the actions taken to resolve internal audit findings. They may be tested to ensure that the desired results were achieved.

Nowadays, IT auditing has become an integral part of almost any software company in India. This has created a need to understand the meaning of the important terminologies that are used in IT audit.