Online Courses
IS Auditing, Controls and Assurance
Online Courses
IS Auditing, Controls and Assurance
  • Information Systems Auditing, Controls and Assurance
  • Introduction to Information Systems (IS) Auditing
    • Risk in Information Systems (IS)
    • Risk Management Process
    • Identify Internal Controls
    • Quiz
  • General IS Audit Procedures
    • Understant the audit areas/subjects
    • Compliance Testing and Substantive Testing
    • Practice Quiz
    • Evidence
    • ISACA Outlines Five Steps to Planning an Effective IS Audit Program
    • Quiz
  • Business Application Development and the Roles of IS Auditors
    • What is business application development process / Systems Development Life Cycle (SDLC)?
      • SDLC Models
    • Feasibility and Requirements
    • Design and Selection
    • Development and Configuration
    • Configuration - Input/Output Controls
    • Implementation
    • Post-Implementation Review
    • Risks Associate with Application Development
    • Role of IS Auditor in SDLC
    • Quiz
  • IS Maintenance and Control
    • IS Maintenance Practices
    • Change Management
    • Documentation
    • Emergency Changes
    • IS Controls
    • Quiz
Powered by GitBook
On this page
  • What is the purpose of getting evidence?
  • How can we obtain evidence?
  • What is re-performance?
  • What are the determinants to evaluate evidence?
  • What are the techniques to get evidence?
  1. General IS Audit Procedures

Evidence

What is the purpose of getting evidence?

It is a requirement that the complience officer's conclusion is based on sufficient, competent evidence.

How can we obtain evidence?

  • Compliamnce officer observation

  • Notes from interviews

  • Internal documentation

  • Contract with external parties

  • Result of complience test

  • Re-performance

  • Confirmation

What is re-performance?

Re-performance is a technique used to gather evidence in the field of auditing. It involves manually calculating and comparing certain data or calculations to verify the accuracy and reliability of a system or process.

For example, let's say there is a payroll system in an organization that calculates employee salaries. A compliance officer can use re-performance to independently calculate the salaries manually, without relying solely on the system. By comparing the manually calculated salaries with the system-calculated salaries, the compliance officer can identify any discrepancies or errors. This helps ensure that the system is functioning correctly and that employees are being paid accurately.

Re-performance is a valuable technique because it provides an independent verification of data or calculations. It allows auditors to assess the reliability and accuracy of a system or process by performing the same calculations or processes manually. This helps in identifying any potential issues or irregularities that may not be apparent through other means of gathering evidence.

What are the determinants to evaluate evidence?

  • Independence of the provider of the evidence

  • Qualification of the individual providing the informatin or evidence

  • Objectivity of the evidence

  • Timing of the evidence

What are the techniques to get evidence?

  1. Review IS organization structures

  2. Review IS policies and procedures

  3. Review IS documentation

  4. Interview appropriate personnel

  5. Observe processes and employee performance

PreviousPractice QuizNextISACA Outlines Five Steps to Planning an Effective IS Audit Program

Last updated 8 months ago