Wednesday, 19 April 2017

Important terminologies used in IT Audit


IT Audit is defined as the procedure of collecting and evaluating evidence to decide whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.

Here are important terminologies used in IT Audit by the majority of software companies in India:

Audit - An audit is an evidence-collecting process. Audit evidence is used to assess how well audit criteria are being met. Audits must be objective, unbiased, and independent, and the audit process must be both systematic and documented.

Auditee - An auditee is an organization (or section of an organization) that is being audited. Organizations can comprise companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.

Auditor - An auditor is a person who conducts audits. Auditors gather evidence in order to evaluate how well audit criteria are being met. They must be objective, unbiased, independent, and proficient.

Audit client - An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or the audit program leader, whereas external audit clients can include regulators, customers, or any other stakeholders that have a legitimate or contractual right or responsibility to carry out an audit.

Audit criteria - Audit criteria comprise policies, procedures, and requirements. Audit evidence is used to decide how well audit criteria are being fulfilled: how well policies are being implemented, how well procedures are being executed, and how well requirements are being met.

Audit evidence - Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria contain policies, procedures, and requirements.

Audit findings - Audit findings are the outcome of a process that evaluates audit evidence and compares it against audit criteria. Audit findings can demonstrate that audit criteria are being fulfilled (conformity) or that they are not being fulfilled (nonconformity).

Assertion - Assertions, or management assertions, in auditing simply mean what management claims. For example, if management declares that internal controls are effective, then that is a claim or assertion made by management.

Confirmations - The receipt of a documented or verbal response from an independent third party.

Reperformance - Reperformance involves rechecking a sample of the computations and transfers of data. Rechecking of computations comprises testing mathematical accuracy.

Audit charter - It refers to a document prepared by an organization for internal control and audit, which clearly states the management’s responsibility, authority and accountability for IS audit. An audit charter establishes an internal audit department for an existing software company in India.

Responsibility covers:
  • Mission
  • Scope
  • Independence
  • Auditee’s requirements

Authority covers:
  • Right of access to information, personnel, locations and systems applicable to the performance of audits
  • Functions to be audited
  • Organizational structure, including reporting positions to board and senior management

Accountability addresses:
  • Designated/intended recipients of the report
  • Assessment of compliance with standards
  • Agreed completion dates
  • Agreed budgets
  • Agreed actions, e.g. penalties when either party fails to carry out its responsibility

Follow-up - Review of the actions taken to resolve internal audit findings. These actions may be tested to ensure that the desired results were achieved.

Nowadays, IT auditing has become an integral part of almost any software company in India. This has created a need to understand the meaning of the important terminologies that are used in IT audit.
