Under most circumstances, financial auditors must plan tests that provide reasonable assurance that fraud does not exist. When an IT auditor is involved in an external financial statement audit, if they are following generally accepted financial audit standards, they must also perform tests providing reasonable assurance fraud does not exist. Consequentially, these requirements dictate following audit program fraud detection procedures for determining the extent of testing required and demonstrating auditor prudence. However, financial auditors commonly do not focus on the adequacy of IT general controls (ITGC). Instead, the emphasis is placed on IT application controls (ITAC). Nevertheless, given the impact of general controls on application controls, the IT auditor must vigorously pursue ensuring general control agreed-upon procedures are included in the fraud IT audit program.
“View Part I of the Irregularities and Illegal Acts Agreed-Upon Procedures Assessments series here“