IT Considerations in Integrated Audit By: Yusuf Musaji

IT Considerations in Integrated Audit

By: Yusuf Musaji

Audit Basics and the Integrated Audit

Objectives Recognize and understand key audit terminology

Describe the activities preformed in each phase of Y&A’s audit methodology

Describe key aspects of control testing Y&A’s audit methodology

Explain how an audit of internal control integrates with a financial statement audit to form the integrated audit

Identify the new and modified work papers required in the integrated audit workflow process

Demonstrate an awareness of activities preformed in each phase of the integrated audit

Module Introduction Audit Basics

Regulations and Key Concepts

Integrated Audit Methodology

Engagement Management Strategic Analysis

Process Analysis

SuPer

Wrap Up

Topics

Sec 2a: Introduction & Audit Basics

Sec 2b: Regulations & Key Concepts

Sec 2c: Overview of the Audit of Internal Control and Integrated Audit

Sec 2d: Strategic Analysis

Sec. 2e: Process Analysis

Sec 2f: SuPER

Sec 2g: Wrap-up

Audit Basics

Basic Audit Concepts Y&A’s Audit Methodology

Financial Statement Assertions (CEAVOP)

CompletenessExistenceAccuracyValuationObligation and RightsPresentation and Disclosure

Assertions can be remembered by CEAVOP

Module Introduction Audit Basics

Regulations and Key Concepts

Integrated Audit Methodology

Engagement Management Strategic Analysis

Process Analysis

SuPER

Wrap Up

Integrated Audit Overview

Module Introduction Audit Basics

Regulations and Key Concepts

Integrated Audit Methodology

Engagement Management Strategic Analysis

Process Analysis

SuPER

Wrap Up

Module Introductio

n

Audit Basics

Regulations and Key Concepts

Integrated Audit

Methodology

Engagement Managemen

t

Strategic Analysis

Process Analysis SuPER Wrap

Up

Workpapers

Business Understanding Document (BUD)

Planning Considerations Document (PCD)

Risk Analysis Document (RAD)

Evaluation of Management’s Assessment Process

Company and Business Level Controls Document

COSO

We document the COSO control component applicable to each control and use this information to ensure all COSO components are addressed for each SBR or SCOT

There may not be control environment controls within a process

IA – Substantive Procedures, Evaluation and Reporting

Material Weaknesses• Significant deficiencies that are strong indicators of a material weakness:

• Restatement of previously issued financial statements

• Identification of a material misstatement in the financial statements by an auditor

• Ineffective audit committee oversight

• Internal audit or risk assessment process is ineffective, if those functions are critical to company programs and controls

• Regulatory compliance function is ineffective in highly regulated industries

• Identification of any fraud by senior management

• Previously communicated significant deficiencies that remain uncorrected for a reasonable period of time

• Ineffective control environment

Evaluating Management’s Assessment of IT General Controls

IT General Controls Access to Program and Data

IT General Controls for Program Changes and Computer Operations

Company Level Controls

IT General Controls Program Development

Working Paper Documentation Requirements - FindingsFindings for systems that will not be implemented

during the first year will be categorized as “deficiencies.” You should make management aware of these deficiencies so that they can correct them prior to the system being implemented. These deficiencies should be carried forward on the SICD to the subsequent year

Deficiencies that are not resolved during the following year may result in a “material weakness.”

Use of Service Organizations

End-User Computing

Process/Application Level Controls

End-User Computing