Posted by: Robert Davis
AA, AICPA, Assurance Service, Attestation, Audit Assurance, Audit Opinion, CA, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Chartered Accountant, CIA, CICA, CISA, CITP, CPA, Degree of Correspondence, Engagement, Evidence, IFAC, Information Technology, ISACA, IT, IT Audit, PM, Project Management, Reporting, The IIA, The IIC
The process utilized to ascertain ‘the degree of correspondence’ between assertions, or direct subject matter, and established criteria for IT audits is similar to that employed for manual audits; yet, slightly more complex. The process is similar because with these audit types, ‘the degree of correspondence’ requires objective and/or subjective judgment by the auditor as to what constitutes material noncompliance in the control system or error in information. The process is more complex for IT audits because the control system is commonly more sophisticated, and because it is generally more difficult to ascertain whether computer programs and data files provided to the auditor are those actually used; or bogus copies not actually invoked by the entity’s technology under examination. Consequently, to ensure an appropriate IT risk scoring, preceding audit report preparation, IT audit area findings analysis is performed.