Page 277 - DCOM509_ADVANCED_AUDITING
P. 277
Advanced Auditing
Notes the evidence and clues that will support or disprove the claim for damages is one of the
important roles of forensic accountants.
Providing Expert Evidence both Written and Oral: As forensic accountants, we are able to
provide expert evidence in written form and where necessary, support the opinions and
calculations in cross examination. Extensive experience in cross examination is vital, as
the strategies used by counsel varies considerably from case to case.
Independence: The expert evidence rules mean that an expert must give an objective,
unbiased opinion. This provides a stronger argument for acceptance by the Court. Where
reports are normally prepared by internal ‘experts’ on behalf of the either party, there can
often be questions concerning the independence of these ‘experts’ as they are typically
long-term employees of the body concerned.
14.3.7 IT Audit Basics
IT audit is a part of the overall audit process, which is one of the facilitators for good corporate
governance. While there is no single universal definition of IS audit, Ron Weber has defined it
(EDP auditing—as it was previously called) as “the process of collecting and evaluating evidence
to determine whether a computer system (information system) safeguards assets, maintains
data integrity, achieves organisational goals effectively and consumes resources efficiently.”
Information Technology is the lifeblood of any large business. As in years past, computer
systems do not merely record business transactions, but actually drive the key business processes
of the enterprise. In such a scenario, senior management and business managers do have concerns
about information systems. The purpose of IT audit is to review and provide feedback, assurances
and suggestions. These concerns can be grouped under three broad heads:
1. Availability: Will the information systems on which the business is heavily dependent is
available for the business at all times when required? Are the systems well protected
against all types of losses?
2. Confidentiality: Will the information in the systems be disclosed only to those who have
a need to see and use it and not to anyone else?
3. Integrity: Will the information provided by the systems always be accurate, reliable and
timely? What ensures that no unauthorised modification can be made to the data or the
software in the systems?
Elements of IT Audit
An information system is not just a computer. Today’s information systems are complex and
have many components that piece together to make a business solution. Assurances about an
information system can be obtained only if all the components are evaluated and secured.
Notes The proverbial weakest link is the total strength of the chain.
The major elements of IS audit can be broadly classified:
1. Physical and Environmental Review: This includes physical security, power supply, air
conditioning, humidity control and other environmental factors.
2. System Administration Review: This includes security review of the operating systems,
database management systems, all system administration procedures and compliance.
272 LOVELY PROFESSIONAL UNIVERSITY
