Abstract
Ascertaining the degree of correspondence between audit area assertions or direct subject matter and audit criteria is a professional mandate. Under normal circumstances, audit area planning, study, and testing permit IT audit team members submitting working papers for review by the in-charge IT auditor. Preceding IT audit report preparation, the in-charge IT auditor must review documented inconsistencies and departures from applicable IT principles discovered during the engagement. Moreover, the in-charge IT auditor must apply an in-depth understanding of what constitutes appropriate audit evidence. Chapter 7 conveys evidential working papers expectations that assist in ensuring appropriate audit engagement fieldwork. Chapter 7 also discusses the assessment of audit findings and the evaluation of audit working papers.
TopEvidential Working Papers
IT audit team members need to fulfill professional responsibilities for working papers. Audit management must ensure appropriate working papers content and retention because the inscribed evidence is a crucial element in opining on an IT audit area. Inscribed retention expectations for IT audit working papers necessitate reflecting compliance with pertinent statutory mandates (Davis, 2011b). Moreover, ISACA (2013c) requires working papers to demonstrate evidence sufficiency and compatibility when completing engagement audit objectives. Identifying, classifying, registering, retaining, and preserving appropriate IT audit evidence is critical in discharging de jure as well as de facto audit standards (Davis, 2011b).
Key Terms in this Chapter
Transactions: Are events or information unified because they have a single, or similar purpose.
Safeguarding: Safeguarding is ensuring that organizational assets are acquired, utilized, and disposed of under proper responsibilities separation and protection procedures, as well as required approvals.
Key Performance Indicators: Are the success measures informing management concerning business specifications fulfillment.
Sarbanes-Oxley Act: Regulates enterprises, as defined by the Securities Exchange Act of 1934.
Reportable Condition: Conveys a material or significant weakness in which the design and operation of one or more control components do not reduce to a relatively low level the risk that errors, mistakes, omissions, irregularities, or illegal acts potentially occurring and not being detected within an acceptable time by employees in the normal course of their assigned duties. Moreover, for a reportable condition, causation by noncompliance or a performance measure, or aggregation of related performance measures does not matter.
Pervasive Control: Is a general control prevalent or spread throughout an engagement audit area.