The role of internal financial auditing has grown considering information technology.

The role of internal financial auditing has grown considering information technology.

The process of auditing and reviewing accounts is one of the matters that guarantee the fairness, correctness, integrity and accuracy of accounting procedures, and the conditions for scientific and professional qualification when making the appointment of the auditor with the availability of technical capabilities to carry out the task of auditing and reviewing in accordance with the sound professional standards followed.

Many modern companies use information technology and rely on that technology to process data and information that conduct their business, or use them in the manufacturing or marketing aspects, or provide services or use them in the areas of knowledge sharing for everything that happens in the global economic market.

 With such importance that companies attach to the use of information technology, their use in the field of auditing has become an urgent need, for the accuracy of the electronic database they provide to the auditing service applicant, which is reflected in the credibility of the results.

 

Opportunities for a new auditing profession

The widespread use of the spread of computers and its various programs provides new opportunities for the profession of auditing and makes it able to provide various services to customers and provide special tools to solve various problems, and it has become obligatory for them to adapt to these new technologies in the operation by reducing the risk of information associated with that, by the auditors possessing technical knowledge That gives them the possibility of positive treatment.

 The process of auditing the use of information technology methods and the emergence of computerized systems has witnessed an increase in the interest of those in charge of auditing to serve different sectors, including the auditing sector, by seeking to provide a level of knowledge that leads to the acceptance of those in charge of information systems to use this technology because this is beneficial to internal and external auditors and even the recipients of the service.

 

International standards for internal auditing and the use of modern technologies

In its 2017 version, the Institute of Internal Auditors issued some new standards related to modern technologies, which are related to the professional practice of internal auditing. The standards developed by the Institute included a set of recommendations related to the use of electronic software in auditing, namely:

  • That the internal auditors have sufficient knowledge to deal with the risks and controls of information technology and a thorough knowledge of technology-based auditing techniques.
  • Auditors should consider the internal audit need to use technology-based auditing and various other techniques of data analysis techniques.
  • The need for the internal audit activity to assess the support and assistance that achieves the strategic objectives of the organization by the Information Technology Governance Department.
No alt text provided for this image

Benefits of using modern electronic systems.

  1. Independence in collecting information and data from the entity that is subject and without any harm to its data and programs.
  2. Assist in analyzing information and data that are consistent with the pre-set and specific objectives of the audit.
  3. The speed required in the process of collecting data and then processing it with the same speed, which improves performance and returns in the audit work by making use of the time used in the completion of the tasks related to the audit.
  4. The ability to deal with a large volume of data and information at the same time, in a dynamic way.
  5. Helps discover anomalies and anomalies in the data.
  6. It helps in identifying and detecting defects and weaknesses in the internal control systems.
  7. Availability of internal audit expenses that are spent on transportation and telephone in the case of companies that have branches in remote areas.
  8. It records and documents the stages of the audit.


Check Our Internal Auditing Services


The risk of using technology in auditing.

The types of these risks vary according to the complexity of using the technology, as there may be no physical protection for hardware and software and their exposure to cases of misuse, vandalism and environmental damage (such as fire, heat, and humidity), unauthorized access to electronically stored files, the possibility of changing them inappropriately, loss of data These are all risks that are stored centrally in electronic records, which require the establishment of strict control procedures.

No alt text provided for this image


Classifying the risks of using technology in an audit

The Information Audit Committee has classified the risk diversity of the International Audit Standards Committee into two types:

1.     Risks arising from the IT infrastructure:

  • Inadequate normal security measures to prevent unlawful access to information or inappropriate disclosure of it.
  • Exposure to high temperatures, water leaks, fires and other natural disasters.
  • Emergency procedures and plans are often inadequate and do not have the required safety measures.
  • Most of the infrastructures do not have adequate support measures and support, and do not have the necessary control to block and prevent attempts to access information.

 

2.     Risks that arise from IT applications:

  • Application errors and problems.
  • Insufficient input, processing and output controls. Uncoordinated or undocumented changes in programs. Designed around applications.
  • Insufficient procedures for securing software integrity related to IT infrastructure security.
  • The fraud risks associated with electronic commerce resulting from the existence of a commercial and financial commitment from fictitious companies, and the risks of information security, such as unauthorized access to data files, changing their contents, transferring them, or intercepting them before transferring, or disrupting the work of the system.
  • Risks of using electronic transfers for money laundering.
  • The absence of an international legal system that governs international commercial transactions through the global information network, the possibility of violating the privacy of users through piracy operations, the possibility of hijacking customer-related information as realistic credit cards and the site being vandalized or misrepresented.
  • The risks of completing deals and transactions related to the need to ensure the reliability of the information available on the networks.


These risks can be summarized.

1.     Human risk, which is resulting from:

  • System management error, computer error.
  • Programming error and analysis of systems and programs.
  • Unauthorized disclosure of information.
  • Unauthorized use of software systems.
  • Fraud, manipulation, and abuse.
  • The risks of viruses that lead to the destruction or distortion of information. 

2.     Material risks arising from:

  • Lack of suitable environmental conditions, such as power failure, or equipment failure due to humidity, heat, and water.
  • Risks of exposure to file, program and network access.
  • Incorrect maintenance of hardware and software.
  • Reducing information risk.

要查看或添加评论,请登录

社区洞察

其他会员也浏览了