The primary objective of this study is to develop the best practices that provide management with a reasonable assurance that information assets and IT infrastructure of the organisation are protected and controlled in a manner that will ensure confidentiality, integrity and availability of information assets and technology that supports an organization.
Other objectives are to:
1. Enable IT auditors, newcomers to IT auditing who do not have a background in IT, functional, operational and financial auditors to update their technical and operational knowledge to audit information technologies.
2. Gain understanding of risk–based approach to IT auditing; that ensure the confidentiality, availability and integrity of information assets throughout the enterprise.
3. Identify control objectives and strategies which are evolving with changing technology.
4. Examine and evaluate data across complex environments.
5. Ensure compliance with the security policy.
6. Ensure the success of an effective and relevant audit.
INTRODUCTION
In today’s business environment, computers are continuing the revolution started in the 1950s. Size and capacity of the equipment grows on an exponential curve, with the reduction in cost and size ensuring that organizations take advantage of this to develop more effective and responsive systems, which allow them to seek to gain competitive advantage by interfacing more closely with their customers.Net technologies such as Electronic Data Interchange (EDI), Electronic Funds Transfers (EFTs), and E-commerce have fundamentally changed the nature of business itself and, as a result, organizations have become more computerdependent. It has become impossible for today’s enterprises of any size and in any market sector to exist without computers to assist with their fundamental business operations.
Technology can be defined as a body of knowledge required to execute a given activity in the world today.Information Technology(IT) has revolutionized the present world bringing about changes and impacting on every areas of human life. IT has transformed many professions and the accounting profession especially in an organization is not an exception in this regard. This is because auditing work is done using paper work but in recent years, IT has changed the way audit is performed in an organization. The introduction of concepts such as globalization, e-commerce, Internet technology and the rapid changes in global market demographics have made flexibility and reliability survival attributes of the corporation.
In general, to provide a good overview of the context of organization accounting we have to consider the crucial roles being played by the IT revolution in accounting system. Notable among these changes are the automation of auditing software called General Audit Software (GAS). There are two reasons why IT auditors should use General Audit Software (GAS) products, such as Audit Command Language (ACL).
Firstly, there is the focus on fraud in recent years, according to the Association of Certified Fraud Examiners (ACFE) and its 2009 "Report to the Nation" survey on fraud, more than 60 percent of all frauds are detected either by a tip or by accident. While internal audit has moved up on the list, there is clearly room for more proactive antifraud programs. One of the best ways to be proactive is to use a GAS to develop a cornucopia of computerized antifraud audit procedures that are run regularly against organizational databases.
Secondly, is that the demands on IT and internal auditors are increasing and auditors will need to become more efficient to fulfill all of the responsibilities and tasks assigned to them, and using GAS is one way to do so.This technology and its associated methods/techniques reduce the time auditors use to audit and also enable them to conduct their activities in a most efficient manner and retain its competitiveness.
Using ACL empowers the auditor to possibly have a better sense of direction in his/her audit procedures. The auditor will perform some audit procedures to gain an understanding of the data (e.g., using PROFILE, STATISTICS commands in ACL). During these procedures, the conscientious, trained auditor may spot an anomaly or red flag (e.g., negative amounts where there should be none). At that point, the auditor is focusing directly upon certain suspicious data and/or transactions. The data in ACL are locked down as read-only. There is no chance for the auditor to inadvertently change the data. This inadvertent risk is much higher for IT auditors who choose to use a spreadsheet for analyzing and presenting transactions. While one can lock cells or sheets in Microsoft Excel, there is still the possibility of human error. It is almost non-existent in ACL. Therefore, IT auditors could leverage their time and abilities into more productivity by becoming at least competent in a GAS product especially ACL.
In summary, there are many benefits to using ACL—it just becomes a matter of budgeting for the cost of the software and implementing the use of ACL effectively.
