2. Recommended Readings
• CISA Review Manual, ISACA Publications
• Hunton, J.E., Bryant, S.M., and
Bagranoff, N.A., Core Concepts of Information
Technology Auditing, John Wiley & Sons, 2004.
• Champlain, J.J., Auditing Information
Systems, John Wiley, 2003.
• Lecture Notes
3. Information System Audit
• The government organizations have become
increasingly dependent on computerized
information systems to carry out their day-to-day
operations.
• IS Auditors evaluate the reliability of computer
generated data supporting financial statements
and analyze specific programs and their
outcomes.
• IS Auditors also examine the adequacy of controls
in information systems and related operations to
ensure system effectiveness.
4. Information System Audit (Con’d)
• IS Audit is the process of collecting and
evaluating evidence to determine whether an
information system has been designed to
maintain data integrity, safeguard
assets, allows organizational goals to be
achieved effectively, and uses resources
efficiently.
• Data integrity relates to the accuracy and
completeness of information as well as to its
validity.
5. Information System Audit (Con’d)
• An error in the calculation of Income Tax to be
paid by employees in a manual system will not
occur in each case but once an error is
introduced in a computerized system, it will
affect each case.
• A bank may suffer huge losses on account of
an error of rounding off to the correct number
of digits.
6. Information System Controls
• Controls in a computer information system
reflect the policies, procedures, and practices
designed to provide reasonable assurance that
objectives will be achieved.
• The controls in a computer information
system ensure effectiveness and efficiency of
operations, reliability of financial reporting
and compliance with the rules and
regulations.
7. Information System Controls (Con’d)
• General Controls
– controls over data center operations, system
software acquisition and maintenance, access
security, and application system development and
maintenance.
• Application Controls
– controls that help to ensure the proper
authorization, completeness, accuracy, and
validity of transactions, maintenance, and other
types of data input.
8. Significance of IS Controls
• The IS Controls overcome the following
problems.
– Data loss due to file damage, data corruption
(manipulation), fire, power failure (or
fluctuations), viruses etc.
– Errors in software which can cause damage as one
transaction in a computer system may affect data
everywhere.
– Computer abuse like fraud, negligent use etc.