IS Audits

An information system (IS) audit or information technology(IT) audit is an examination of the controls within an entity's Information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

  1. IT Governance Audits
  2. Information Systems Audits
  3. Integrated Audits
  4. Controls Self-Assessments
  5. Compliance Audits

We collect and evaluate the evidence of an organization's information systems, practices, and operations. Obtain evidence whether the organization's information systems safeguard assets, maintains data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives.

1. Audit Planning

In this phase we plan the information system coverage to comply with the audit objectives specified by the Client and ensure compliance to all Laws and Professional Standards. The first thing is to obtain an Audit Charter from the Client detailing the purpose of the audit, the management responsibility, authority and accountability of the Information Systems Audit function.

2. Risk Assessment and Business Process Analysis

We follow a risk-based audit approach. This approach is used to assess risk and to assist an IS auditor’s decision to do either compliance testing or substantive testing. In a risk based audit approach, IS auditors are not just relying on risk. They are also relying on internal and operational controls as well as knowledge of the organisation.

3. Performance of Audit Work

In this phase we conduct the audit, collect the evidence and document our audit work. We achieve this objective through:

Establishing an Internal Review Process where the work of one person is reviewed by another, preferably a more senior person.

We obtain sufficient, reliable and relevant evidence to be obtained through Inspection, Observation, Inquiry, Confirmation and recomputation of calculations

We document our work by describing audit work done and audit evidence gathered to support the auditors’ findings

4. Audit Reporting

Upon the performance of the audit, the QRC Information Systems Auditor is produces and appropriately report the results of the IS Audit.

  • Standardization of information systems.
  • Improve business efficiency.
  • Improve system and process controls.
  • Plan for contingencies and disaster recovery.
  • Manage information & developing systems.
  • Prepare for the independent audit.
  • Evaluating the effectiveness and efficiency related to the use of resources.
  • Reduce risk and enhance system security
  • Prevent and detect errors as well as fraud