Information Systems Audit Fundamentals Training.pptx
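Procedures to ensure that relevant information is identified and communicated in a timely manner
• Messages from senior management
• Policies and procedures
• Training
• Code of ethics
Assessment of internal and external factors that affect organizational performance
▪ Business risk management
▪ Process risk management
▪ Internal audit risk assessment
Procedures to determine whether internal controls are properly designed and are executed effectively and in a manner suited to the circumstances
• Management analysis
• Disclosure committee
• Internal audit
Policies and procedures to ensure that risk management measures are carried out in a timely manner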
1.7
0.7
Summarize & Communicate the Audit Plan (Ch 16)
Perform Tests of Operating Effectiveness of Controls (Ch. 17) Perform Substantive Procedures [SAP (Ch. 18) &/or Tests of Details (Ch. 19)]
Assess and Manage Risk
Audit Quality
No
Develop the Audit Plan
Plan a focused level of substantive procedures (Ch. 15)
3.0
Perform the Audit Plan
Engagement Reporting (Ch. 26)
Assess Engagement Quality (Ch. 27)
No
Plan an intermediate level of substantive procedures (Ch. 15)
2.0
©2007 Deloitte Touche Tohmatsu CPA Ltd. (德勤华永会计师事务所)
Components of Internal Control (COSO)
Plan to obtain audit evidence about the operating effectiveness of controls, in the current audit period or together with our work performed in the prior 2 audits, & plan a basic level of substantive procedures (Ch. 14 & 15)
Determine Planning Materiality (Ch. 11) Assess Risk at the Potential-Error Level (Ch. 12)
Specific Identified Risk (Ch. 12)
No Specific Identified Risk (Ch. 12)
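– Independence
– Comprehensiveness
– IT auditor qualifications
– IT audit report
– Promoting the security, reliability, and effectiveness of information systems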
IT Audit vs. Financial Audit
Perform Pre-Engagement Activities
Assess & Respond to Engagement Risk (Ch. 3) Manage the Audit Engagement (Ch. 2) Select the Engagement Team (Ch. 4)
Conclude & Report
Perform Post-Engagement Activities
Design & implementation of controls was adequate (Ch. 9)
Yes
Plan to Rely on Operating Effectiveness of Controls (Ch. 13)
Perform Financial Statement Review (Ch. 21) Overall Evaluation of Misstatements & the Scope of our Audit (Ch. 20)
Perform Subsequent Events Review (Ch. 22) Obtain Management Representations (Ch. 23) Prepare Audit Summary Memorandum (Ch. 24)
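Course Contents
• Information systems audit fundamentals
• General computer controls audit
• Application system controls audit
• Introduction to computer-assisted audit techniques
• Evaluation of information technology control deficiencies
• Considerations regarding the internal controls of outsourced service providers
• Discussion and Q&A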
Yes
Yes
No
No
Plan to obtain audit evidence about the operating effectiveness of
controls, in the current audit period, & plan a moderate level of
substantive procedures (Ch. 14 & 15)
Information Systems Audit Fundamentals
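Definition of IT Audit
• A series of activities in which an IT auditor who is independent of the audited entity, taking the objective standpoint of a third party, comprehensively examines and evaluates computer-centered information systems in order to ensure their security, reliability, and effectiveness, and reports issues and recommendations to the top leadership of the audited entity.
• Key points of IT audit: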
Establish Terms of Engagement (Ch. 5)
Perform Preliminary Planning
Strategic Audit Planning (Ch. 6) Understand the Entity and Its Environment (Ch. 7)
Understanding Internal Control (Ch. 8) Understand the Accounting Process (Ch. 9) Perform Preliminary Analytical Review (Ch. 10)
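• Authorization and approval
• General procedures and systems
• Segregation of duties
• Customer account reconciliation
• Information technology controls
The organization's control consciousness. "Tone at the top"
• Code of ethics
• Documented policies and procedures
• Culture assessment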