When you finish this chapter, you should: Describe the scope and objectives of audit work, and identify the major steps in the audit process; identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives; describe the different tools and techniques auditors use to test software programs and program logic. | Auditing Computer-Based Information Systems Chapter 11 11-1 Learning Objectives Describe the nature, scope, and objectives of audit work, and identify the major steps in the audit process. Identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives. Describe the different tools and techniques auditors use to test software programs and program logic. Describe computer audit software, and explain how it is used in the audit of an AIS. Describe the nature and scope of an operational audit. 11-2 Auditing The process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria 11-3 Major Steps in the Auditing Process Audit planning Why, how, when, and who Establish scope and objectives of the audit; identify risk Collection of audit evidence Evaluation of evidence Communication of results 11-4 . | Auditing Computer-Based Information Systems Chapter 11 11-1 Learning Objectives Describe the nature, scope, and objectives of audit work, and identify the major steps in the audit process. Identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives. Describe the different tools and techniques auditors use to test software programs and program logic. Describe computer audit software, and explain how it is used in the audit of an AIS. Describe the nature and scope of an operational audit. 11-2 Auditing The process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria 11-3 Major Steps in the Auditing Process Audit planning Why, how, when, and who Establish scope and objectives of the audit; identify risk Collection of audit evidence Evaluation of evidence Communication of results 11-4 Risk-Based Framework Identify fraud and errors (threats) that can occur that threaten each objective Identify control procedures (prevent, detect, correct the threats) Evaluate control procedures Review to see if control exists and is in place Test controls to see if they work as intended Determine effect of control weaknesses Compensating controls 11-5 Information Systems Audit Using the risk-based framework for an information systems audit allows the auditor to review and evaluate internal controls that protect the system to meet each of the following objectives: Protect overall system security (includes computer equipment, programs, and data) Program development and acquisition occur under management authorization Program modifications occur under management authorization Accurate and complete processing of transactions, records, files, and reports Prevent, detect, or correct inaccurate or unauthorized source data Accurate, complete, and confidential data files 11-6 1. Protect Overall .
