Page 149 - DCOM509_ADVANCED

Page 149 - DCOM509_ADVANCED_AUDITING

P. 149

Advanced Auditing

Notes  In this scenario, it is very important for accounting as well as auditing professionals to
know what the current IT trends are and how they would influence accounting and auditing
world.
 As dependence on computer system for carrying out business increases, maintaining
computer systems for their all-round availability for business becomes important, as
their non-availability can cause serious damage to organization’s interests and reputation.
 For electronically processing data, auditors depend on certain audit software tools, among
which, most important are General Audit Software (like ACL or IDEA). Many auditors
also use high-level languages like SQL (Structured Query Language) and industry specific
or embedded audit software tools developed for a particular application.
 Due to the increased dependence and consequent vulnerability of organizations on IT,
there is a need to keep efficient controls over Computer Systems. The two basic principles
on which internal controls are established are the principle of least privilege and that of
maker and checker.

 Management needs a framework for generally accepted IT security and control practices
to benchmark existing and planned IT environment.

 Operating System is an interface between user and computer. It manages memory, devices,
peripherals and various tasks; controls computer’s resources and provides base for writing
application programmes. The operating systems fall into categories of single user and
multi-user (network) environment. The most common type of single user operating system
is DOS (Disk Operating System).

 Windows NT identifies users and knows what each user is allowed to do. It can compare
the list of permissions of each user with its user id and determine what access is allowed
to each user.
 Relational database systems such as Oracle and Sybase provide for different types of
controls, the integrity of these is dependent on controls in any application programs that
process transactions against database.
 In RDBMS, database is distributed and may be accessed by different users simultaneously.
 General Audit Software (GAS) can also be used to accomplish following audit tasks: Examine
quality of data, Examine quality of system processes, Examine the existence of the entities
the data purports to represent, Undertake analytical review.

 Many auditing departments use technical specialists to locate and evaluate data sources.
These specialists provide the software tools to extract data, converting them into a form
that can be used by audit analytical tools.
 In some companies, information is stored according to specified standards that do not
change frequently and multiple audits may be performed on information in a common
format.
 Audit effectiveness is a partnership between regulators, audit firms, and the accounting
and auditing experts that lead and work for these firms. That is, audit effectiveness is a
function of both standards and performance.

 Through an audit, an organization can identify a system’s ineffectiveness, take corrective
action, and ultimately support continuous improvement.
 Unfortunately, a poorly deployed auditing system can lead to increased, non value-added
costs, many hours of wasted resources, and an eventual, inevitable QMS breakdown.

144 LOVELY PROFESSIONAL UNIVERSITY

144 145 146 147 148 149 150 151 152 153 154