Cosmopolitan College Of Education
Course: BUSN 4
Subject: Accounting
Date: Jan 13, 2025
Pages: 9
Uploaded by: rameezkhan4564
Audit Plan
Christopher Cozzi
Colorado State University Global
ACT 425: Information Systems For Accounting
Module 6 Critical Thinking Option 2
Dr. Jennifer Bolden
The Risk Assessment Process
The auditor will first examine the procedures we currently have in practice for risks related to the financial statements, assessing the importance of the risks identified, evaluating the probability of each occurring, and then evaluating how to fix them for us. If there are misrepresentation threats that we have not detected, the auditor must determine whether there was an inherent danger that could have been discovered during the risk management process. If a risk had in fact been established and reported on our end, we would have to explain to the auditor why our mechanism failed to detect it, and only then should it be decided whether our internal management and risk evaluation mechanism had a large enough weakness.
Five Audit Methods
Inquiry: The auditors will talk with both management and staff about our internal controls. These conversations could be short or long depending on the employee, and the questions should be asked at random. Here, honesty is of utmost importance. A dishonest employee can lead to a lengthy audit, possibly unnecessarily so.
Observation: Regular or daily activities are looked over and/or tested by the auditor. These activities could range from basic to more complex processes.
Examination or Inspection of Evidence: The auditor will determine whether known controls are being performed properly to code, which usually includes reviewing written documentation (employee manuals, visitor logs, and system databases are just some examples) (Hemmer, 2021).
Re-performance: The auditor executes a control. For example, they could perform a simple task that one of our systems currently calculates automatically to make sure that the system is performing that specific task correctly each time (Hemmer, 2021). The auditor will probably test a control more than once for accuracy.
CAAT: This is a software-based method for analysing vast amounts of data or every transaction rather than a sample of several transactions (Hemmer, 2021).
IT Governance
IT governance is the practice of managing information and cybersecurity, which is critical to the credibility of all corporate operations and controls. A lack of IT governance could lead to data breaches, a loss of client confidence, and other problems. An IT audit will look over very precise IT risk evaluations and use them as a tool to evaluate the efficacy of IT controls (2020). Risk exposure and the consistency of internal controls over information technology production, procurement, deployment, and usage should be measured in order to maximise the likelihood that we will be able to spot IT-related issues when they occur (2020).
An Effective IT Audit
An effective IT audit will (2020):
Identify and document all areas of potential IT risk or weaknesses in IT controls.
Teach and encourage the importance of confidentiality of the AIS to protect us from any possible external threats.
Determine management's effectiveness in planning IT activities as well as our oversight of and involvement in IT activities.
Determine compliance with IT policies, risk responses, and internal controls.
Correct any known or discovered compliance issues.
Identify any lacking internal controls and correct them.
Identifying Cybersecurity Risks
Business and IT functions, IT risk control, and internal investigation are all part of cybersecurity risk management. These three factors can be used to organise employee duties, establish or change employee obligations, increase decision-making accountability, detect risks, and improve internal controls (2017).
Risk assessment should be performed at all times, not just before and after audits. When properly carried out, these risk assessment practices demonstrate risk response by identifying and applying controls to minimise any IT risks, which is possible in an appropriate risk and control environment (2017). IT risk management encompasses the whole procedure of incorporating new regulations and practices, checking that current or new practices are kept updated, adapting to new challenges, maintaining implementation, monitoring the efficacy of such processes and regulations, and the audit monitoring (2017). This is often referred to as defining IT risk governance.
Internal Audit and Cybersecurity
The internal audit will (2017):
Work with management to develop and implement a cybersecurity strategy and policy.
Determine places for progress in our ability to detect and manage cybersecurity risk.
Raise consciousness of new internal and global cyber challenges.
Ensure the appropriate safety risk is incorporated into the audit schedule.
Examine our cybersecurity policy and procedures in relation to the NIST Cybersecurity Framework.
Make it clear that cybersecurity detection and incident management must be a primary concern at all stages.
Identify any IT or audit personnel and manpower constraints, as well as any development or tool deficiencies. A lack of any of these would almost certainly have a detrimental effect on cybersecurity risk.
Components of Cyber Preparedness
Protection: The internal audit will address any other weaknesses, while retaining appropriate IT management is essential and preventive (2017).
Detection: The internal audit uses data analytics along with other technology so that a risk can be detected as soon as possible (2017).
Business Continuity: Preparation is essential for coping with the multiple risk situations that may result from a cyber attack (2017).
Crisis Management/Communications: The internal audit can assist with plan development, provide assurance checks of effectiveness and promptness, and then, after crisis response plans have been adopted, provide observations and criticisms (2017).
Internal auditing offers insight into areas that could require operational change (2017). Cybersecurity readiness will not be successful unless we constantly develop our tactics and protocols in order to be better equipped for a potential attack (2017).
References
2010. Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment. [ebook] IFAC, pp. 5-7. Available at: <https://www.ifac.org/system/files/downloads/a017-2010-iaasb-handbook-isa-315.pdf> [Accessed 20 February 2021].
Auditing IT Governance. (2020, March 11). Retrieved February 21, 2021, from https://sbscyber.com/resources/auditing-it-governance
Hemmer, N. (2021, January 13). Understanding audit procedures: Methods & test of controls. Retrieved February 21, 2021, from https://linfordco.com/blog/audit-procedures-testing/
What is Internal Audit's role in cyber security? (2017, June 7). Retrieved February 21, 2021, from https://info.knowledgeleader.com/what-is-internal-audits-role-in-cyber-security