PHASES OF AN IT AUDIT (STUDY OBJECTIVE 6)

An IT audit generally follows the same pattern as a typical financial statement audit. There are four primary phases of the audit: planning, tests of controls, substantive tests, and audit completion/reporting. Exhibit 7-4 provides an overview of these phases.

Through each phase of an audit, evidence is accumulated as a basis for supporting the conclusions reached by the auditors. Audit evidence is proof of the fairness of financial information. The techniques used for gathering evidence include the following:

  • Physically examining or inspecting assets or supporting documentation
  • Obtaining written confirmation from an independent source
  • Reperforming tasks or recalculating information
  • Observing the underlying activities
  • Making inquiries of company personnel
  • Analyzing financial relationships and making comparisons to determine reasonableness

The various phases of the audits typically include a combination of these techniques.

AUDIT PLANNING

During the planning phase of an audit, the auditor must gain a thorough understanding of the company's business and financial reporting systems. In doing so, auditors review and assess the risks and controls related to the business, establish materiality guidelines, and develop relevant tests addressing the assertions and objectives (presented earlier). A process map of the planning phase of the audit is presented in Exhibit 7-5.

The tasks of assessing materiality and audit risk are very subjective and ...

Get Accounting Information Systems: The Processes and Controls, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.