Page 22 - Auditing Electronic System
3) Assessment of Risk of Material Misstatement (IR and CR):
3/1: What is internal control in an IT environment?
The objectives of controls for an information system are similar to the
objectives of overall organizational internal controls. Internal control for
information and related technology is defined as “the policies, procedures,
practices, and organizational structures designed to provide reasonable assurance
that business objectives will be achieved and that undesired events will be
prevented or detected and corrected.” The ultimate responsibility for internal
control for information and related technology lies with management and the
board of directors.
The framework for information system controls depends on both:
▪ The report of the Committee of Sponsoring Organizations, Internal Control –
Integrated Framework (COSO Framework).
▪ Control Objectives for Information and related Technology (COBIT),
authored by the IT Governance Institute and published by the Information
Systems Audit and Control Foundation (ISACF).
How does IT affect internal control? It results in:
❑ Improvement in the internal control
❑ Introduction of new risks that need new controls to mitigate them
Improvement in the internal control:
▪ Adding new control procedures done by the computer.
▪ Replacing manual controls subject to human error.
▪ Higher-quality information is available.
Introduction of new risks:
▪ Risks to hardware, software and data.
▪ Reduced audit trail.
▪ Need for great IT experience and many IT personnel, due to the need for segregation of IT duties.
Those risks can be managed by using controls specific to IT systems: