Understanding and Conducting Information Systems Auditing + Website
by Veena Hingarh, Arif Ahmed
March 2013
Content level: Beginner
304 pages
8h 26m
English
Wiley
Content preview from Understanding and Conducting Information Systems Auditing + Website

Chapter Six

Risk-Based Systems Audit

This chapter introduces the concept of a risk-based information systems audit. When resources are constrained, an information systems auditor may be required to selectively review some functions of the auditee. In fact, even when there is no paucity of resources, the auditor may need to achieve optimal use of the resources deployed. Upon completing this chapter, we should be able to prioritize various functions in terms of their risk criticality and design the audit program so that we can focus more on the critical areas.

CONDUCTING A RISK-BASED INFORMATION SYSTEMS AUDIT

A risk-based information systems audit includes, in addition to testing of logic and transactions, an evaluation of the risk ingrained in the management systems and control procedures established in various operations. Under a risk-based information systems audit, the focus shifts from exhaustive testing to a system guided by risk identification, prioritization of audit objects based on identified risks, and allocation of audit resources in line with the risk assessment. Thus, the criterion for selecting an audit object shifts from the functionality of the object to the risk associated with its failure. An information systems audit under a risk-based approach results in greater assurance that the entity is adequately geared to face the risks its information systems are exposed to.

A risk-based information systems audit consists of the following five steps:

1. Profiling of ...

ISBN: 9781118343777