THE CORE OF IT AUDITING
Group 4
Members : Salma Fida Hakima (C1I016003)
Iftifani Sayyida A (C1I016025)
Isty Fadielah Salim (C1I016029)
Nadiah Rizkiani M (C1I016038)
THE CORE OF IT AUDITING
IT auditors are
examining whether the relevant entities systems or business processes for
Achieving and monitoring compliance are effective. IT auditors also assesses
the effectiveness of the rules—whether they are suitably designed or sufficient
in scope to properly mitigate the target risk or meet the intended objective.
A.
Importance of IT Audit
In
order to increase the business value and become a market leader, various
industries have transformed their product and operations into the digital
ecosystem. In the era of digital transformation as it is today, the proper use
of IT is the best way to be chosen by a company. In other words, IT has become
a major instrument in the changing business. Therefore, the company must have
good competence and knowledge in IT investment selection and its
implementation. The company needs a systematic, independent and objective
insurance function to provide reasonable insurance, that is through the
practice of IT audit.
B.
Unique Inherent Risk
IT
presents risk factors that are unique to accounting, auditing and systems. That
is, IT itself brings risk to the entity regarding its systems, business
processes and financial / accounting processing. That risk is unique to IT and
without IT being present, that risk would not exist — at least not to the same
level. It takes a professional, such as an IT auditor, to identify and assess
the inherent risk associated with IT. Those risk factors include
systems-related issues, such as systems development, change management and
vulnerabilities, and other technology-specific factors. Apart from the IT
professionals, such risk can go unnoticed, to the detriment of the entity.
Entities truly need for IT auditors to evaluate their inherent risk of IT.
C.
The Role of Control
IT
auditors need to be wary of false security the control is effective enough to
mitigate the risk acceptable level. IT auditors should remember and keep in
mind that controls introduces a cost and a benefit. A key for IT auditors have
been seeking a balance between these costs (real / concrete and impact) and
benefits. Generally speaking, the higher the inherent risk, the higher the
interest control to mitigate that risk. IT need to, therefore, auditors
consider the level of inherent and residual risk when conveying recommendations
for controls. Last, controls are often embedded in technologies or systems. That
fact alone suggests that IT auditors need to be involved in assisting with the
design where independence allows it. It also suggests that IT auditors to
assess the effectiveness of the internal control system.
D.
Understanding The Real
Residual Risk
IT
auditors are help managers be good or great managers by understanding the real
residual risk and taking the the appropriate action is related to it. One
challenge in understanding the reality of residuals risk is to properly assess
risk and controls holistically. First, some are not tendency by some to
Overlook a manual control that has the potential to mitigate an IT-related
risk. Second, a residual risk that exists in one area may be effective control
in another area was addressed.
T. S. (2014).
The Core of IT Auditing. ISACA Journal,6.
B
R Aditya et al 2018 IOP Conf. Ser.: Mater. Sci. Eng. 407 012164
Comments
Post a Comment