Information Technology
Audit
Overview
Edhen O. Manzanares, CPA, CISA, CRISC
�The need for information
technology auditors far
outstrips the supply of
qualified candidates
Kenneth P. Laury and John F. Cronin. Need and Supply is Unbalanced,
Information Systems Control Journal, p.44
IT Audit Overview
�Salary Trends
IT Audit Overview
�Its not about the money
BUT IF YOU REALLY WANT TO KNOW...
IT Audit Overview
�Monetary Motivation
IT Audit Overview
�Its not about the money, money, money
The Institute of Internal
Auditors survey of 2012
showed that IT Auditors
with a CISA
certification earn a
higher salary than
those with the CIA
certification.
The main reason
behind this being the
CISA goes into greater
technical detail and is
more geared towards
information technology
in comparison to the
CIA.
�Robert Half Survey: IT Auditor vs
Internal Auditor Salary (2015)
1- 3 yrs experience
IT Audit Overview
4 + yrs experience
Source: https://itauditsecurity.wordpress.com/2013/03/04/cisa-vs-cia-certification/
�IT on Organizations
Enterprise Governance
Process of setting and implementing
corporate strategy, ensuring that the
organization achieves its objectives
efficiently and manage risks
IT Audit Overview
�IT ON ORGANIZATIONS
IT Governance
Objective is to set strategies for IT so that it
is closely aligned with organizational
goals and
To use it for maximum opportunity but
minimum risk
IT Audit Overview
�IT GOVERNANCE FRAMEWORK
Provide
Direction
IT Activities
Set Objectives
IT is aligned with the
business
IT enables the business &
maximize benefits
IT resources are used
responsibly
IT-related risks managed
appropriately
IT Audit Overview
Compare
Measure
Performance
Increases automation
(make the business
effective)
Decrease cost (make
enterprise efficient)
Manage risks (security
reliability and
compliance)
10
�IT & TRANSACTION PROCESSING
Businesses are involved in and affected by
many events. As these events occur, the
information system collects data about
them.
The information systems in an organization are
involved in a continual process of collecting
data about transactions and turning it into
information, which it reports to various
stakeholders.
IT Audit Overview
11
�IT & TRANSACTION PROCESSING
A computerized IS for transaction
processing may decrease some risks and
increase others.
Risk
IT Audit Overview
Information
System
Risk
12
�The work of an IT Auditor
Is there an internal IT auditor?
IT
auditors give assurance or provide
comfort over just about anything related to
information systems.
IT Audit Overview
13
�Types of IT Auditor engagements
Evaluating controls over specific applications.
Providing
assurance over specific processes.
Providing
third-party assurance.
Penetration
testing.
Supporting
financial audit.
Searching
IT Audit Overview
for IT-based fraud.
14
�Financial statement audit
VS IT Audit
FS AUDIT
evaluate whether
an organization is
adhering to
standard
accounting
practices
Information Technology Audit
IT AUDIT
evaluate the
system's internal
control design
and effectiveness
15
�Financial audit process
Develop an
understanding of the
client and perform
preliminary audit
work
Develop audit plan
Evaluate the internal
control system
IT Audit Overview
IT auditors evaluate
complexity of IT
IT auditors work with
financial auditors to
develop audit plan
IT auditors and financial
auditors jointly evaluate
the internal control
system
16
�Financial audit process
Determine degree of
reliance on internal
controls
IT auditors and
financial auditors
jointly determine this
Perform substantive
testing
IT auditors may perform
some data analysis or
CAAT routines to assist
financial auditors.
IT Audit Overview
17
�Financial audit process
Review work and issue
audit report
IT auditors review report
and write report to
management with ITrelated recommendations.
Conduct follow-up
work
IT auditors work with
management and financial
auditors on follow-up.
IT Audit Overview
18
�SAS No. 94
The effect of information technology on
the Auditors consideration of internal
control in a Financial Statement Audit.
Requires auditors to understand both manual
& computerized processes for FS preparation
and to recognize the additional risks and
benefits of IT relative to internal control.
IT Audit Overview
19
�Sarbanes-Oxley Act of 2002
Mandates that management assess and make
representation about internal controls.
Auditors will need to test those controls and
provide assurance about managements
representations.
IT Audit Overview
20
�Prepping for life after school
IT Audit Overview
21
�IT Audit Skills
Educational requirements
Certifications
Technical
General
IT Audit Overview
(CPA, CIA, CFE, CISA, CISSP)
Skills
Personal and Business skills
22
�What is the most important it audit skill?
IT Audit Overview
23
�IT auditing is a growing field. Technology
is changing daily and increasingly
impacting businesses and other entities.
So if IT is becoming more and more
pervasive and complex, and if the need
for auditing is on the rise, then IT auditors
are going to be in demand.
IT Audit Overview
24
