IT Audit And Control: Planning And Impact Essay.

On successful completion of this unit, students will be able to:

Identify the organizational and managerial risks relevant to planning and conducting IT audit and control activities.

Describe audit methodologies and design review auditing and post implementation auditing in a regulatory environment.

Classify the basic IT controls and their impact on related business operations to manage business risks and ensure the system effectiveness.

Classify the organizational, authorization, operation, file and network communication security controls as part of disaster recovery and business continuity planning.

Demonstrate and understanding of the requirements of IT audits (including data forensics) and its relationship with corporate financial reporting.

Appraise emerging industrial trends in IT auditing and control and their impact on business operations for decision making.

Describe and discuss the professional, legal, and ethical responsibilities of an IT auditor.

A broad and coherent knowledge of the role of information requirements and technology innovation in today’s business and government.

Cognitive and creative skills in identifying and exploiting opportunities facilitated by technological innovation.

Through initiative and judgment in identifying and developing innovative technical solutions to problems in information system design and enterprise information architecture.

With responsibility and accountability for their own learning, professional practice and ethical standards, and in collaboration with others within a business or industry environment

Identifying Organizational and Managerial Risks

The information technology audit or IT audit is the process of examination as well as evaluation of the organisational IT infrastructure, operation as well as policies. To understand the use of use and impact of IT audit and control on the business the scandal of Satyam Computer Service audit report is being considered. This is one of the biggest scandals that took place in an IT company and for that effective audit report needs to be performed to understand the reason and the cause of scam and also its impact on the firm. The primary purpose of a paper is to provide understanding regarding IT audit and control planning.

Information technology is the rapidly growing technology in the world and for that, it also has various risk associated with the process. Information technology audit is the best way for the management control to maintain all the risk that is being faced by the management of the firm (Suryanto, 2016). The most common risk that could be identified in the organisational, as well as the managerial context that is relevant to IT audit, is the cyber-security, information security, mobile computing, IT skill within the internal auditors and the board along with the audit committee technology awareness. These are the vital risk that has a huge implication on the IT audit system and due to lack of this process, Satyam CEO has the equal chance to perform fraud in accounting for the continuous 7 years (Satyam Computer Services, 2018). It is highly essential for maintaining the internal control system of organisational and management actions to provide valuable security for the process. These risks are highly effective for the IT audit control to maintain the working function and the activity effectively in the IT firm.

The IT audit and control is essential for Satyam Computer service to maintain the information and the process of cyber-security (Thompson, Ravindran, & Nicosia, 2015). The information, the system was not safe and secure within the company as it can be seen that from almost 7 years the fraud took place. This is one of the biggest fraud in the history that made by the CEO of the firm. Proper planning of IT audit and control is essential for proper IT control activity and also the business process. It also helps to analyse the data integrity with the business goals and objective (Balachandran, 2015). In this process, the IT auditors generally examine the physical security controls along with the financial and the business control that is associated with the IT system. In general, the IT auditor has to face some of the challenges regarding the technology to perform their activity within the firm. In the case of Satyam Computer service the risk that is associated with the IT audit and control activity is the process of cloud computing, then the big data analytics, regulatory compliance, infrastructure management along with the cyber-security.

The methodology and the design of IT Audit provide an effective view of the process and the working function that internal audit performs to maintain the business from fraudulent. The primary process that could be visualised within the IT audit is the planning internal audit, then studying as well as evaluating the control. After that testing as well as evaluating the controls, then reporting, follow-up and the reports. It is eventually followed by the PwC for the internal audit process when the scandal of Satyam computer service in their account book broke (Dowling, & Leech, 2014). Maintaining the regulatory environment and the standard Accounting standard for the process of account bookkeeping is vital for auditing. The methodology of the auditing is effective for understanding the flaw and the risk that is generally associated with the IT Company. It is one of the best ways to figure out the scandal that took place in Satyam Computer Service. The auditor generally expresses their opinion on the annual accounts regarding the current state affair of the financial position of the firm. In the case of Satyam Computer Service, this effectively helps to understand the internal condition of the firm that they did not maintain the code of conduct and also utilised investor money for the personal business.

Audit Methodologies and Design Review Auditing

Information technology controls are quite essential for the firm to protect their assets, then the customers, partners as well as the sensitive information of the firm. One of the basic IT control action is to prevent the data loss as well as the privacy. The audit that makes a huge impact on the process is the data governance as well as the classification of the audit (Chen, Smith, Cao, & Xia, 2014). Another impact that is created on the data privacy is the audit of privacy regulation. Another IT control that is highly effective for the business is the IT asset management and the software management. In this process, the audit which makes an effective impact are the process and audit control then the review regarding the software licence and also the contract management assessment in the IT sector.

Organisational, operational and the network communication security is the most essential part within the business to perform their duty and also to provide the valuable working function. It can be seen that organisation like the information technology service provider need to maintain their network security control with an effective communication process to maintain the information. In the case of Satyam Computer services the major security control that needs to be provided for auditing process are the secure coding, then the security by design and also the proper encryption (Alreemy, Chang, Walters, & Wills, 2016). It is one of the most vital activities in the field of IT audit to maintain the organisational as well; as the operational function of the firm. The control system of the IT audit is performed effectively with the help of effective network security along with the business process within the field.

IT audit is one of the most effective and valuable processes within the corporate financial reporting system. It gradually helps to provide the valuable information regarding the financial condition of the firm and also its economic condition within the market. The data forensic audit allows the auditor for investigating the fraud that took place within the firm (Alles, Brennan, Kogan, & Vasarhelyi, 2018). In the case of Satyam computer services, it can be seen that the auditor have the lookout for the conflicts of interest for their data forensic audit. They also have to look for the system of bribery as well as extortion case within the firm. The data forensic help to understand the working process and the financial condition of the firm throughout the beginning of the firm. In the audit report, this is one of the vital aspects as this show the financial condition of the firm for each year. The data forensic audit system allows understanding the selling rate and also the rate of a share of the firm in the New York Stock Exchange.

Information technology auditing is rapidly increasing within the world as this provide effective control for the business to deal with their financial value and also with the working process. It is one of the most effective and vital processes for the business to make their decision on the various factors. IT audit process effectively allows the firm to understand the process of input and the output data and also help in providing an effective view on the data security (Byrnes et al., 2018). In the term of Satyam Computer Service, the IT audit was the most effective and the vital function to maintain their fraud and also manage the information in the most secure way. It is clear from the numerous facts that the IT audit in the recent world has a huge impact on the industry and the business process to make valuable decision numerous activity within the field.

The IT auditor has to maintain the legal as well as the ethical responsibility for performing their activity within the field. For performing the audit process it is essential to maintain the code of ethics as well as the legal attributes to provide effective document and report on the financial condition of the firm. The primary responsibility of the IT auditor in the audit process is to access all the legal documents and also effective information for the business process and all this need to be kept confidential while performing the reporting system (Yu et al., 2016). Security is the vital aspect of the firm in the term of IT audit and also for the auditors the network security and the cloud computing process is essential.

Conclusion 

The paper eventually concludes the fact that in the business process the IT audit is essential to perform the activity for understanding the network security within the firm. Moreover, it is also concluded that Satyam Computer Services would effectively develop their business process to maintain the activity and the working function of the firm in term of financial and economic condition.

References

Alles, M., Brennan, G., Kogan, A., & Vasarhelyi, M. A. (2018). Continuous monitoring of business process controls A pilot implementation of a continuous auditing system at Siemens. In Continuous Auditing: Theory and Application (pp. 219-246). Emerald Publishing Limited.

Alreemy, Z., Chang, V., Walters, R., & Wills, G. (2016). Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 36(6), 907-916.

Balachandran, M. (2015). The Satyam scandal: How India’s biggest corporate fraud unfolded. Retrieved from https://qz.com/india/379877/the-satyam-scandal-how-indias-biggest-corporate-fraud-unfolded/

Byrnes, P. E., Al-Awadhi, A., Gullvist, B., Brown-Liburd, H., Teeter, R., Warren Jr, J. D., & Vasarhelyi, M. (2018). Evolution of Auditing: From the Traditional Approach to the Future Audit 1. In Continuous Auditing: Theory and Application (pp. 285-297). Emerald Publishing Limited.

Chen, Y., Smith, A. L., Cao, J., & Xia, W. (2014). Information technology capability, internal control effectiveness, and audit fees and delays. Journal of Information Systems, 28(2), 149-180.

Dowling, C., & Leech, S. A. (2014). A Big 4 firm's use of information technology to control the audit process: How an audit support system is changing auditor behavior. Contemporary Accounting Research, 31(1), 230-252.

Satyam Computer Services(Merged) History | Satyam Computer Services(Merged) Information - The Economic Times. (2018). Economictimes.indiatimes.com. Retrieved 11 September 2018, from https://economictimes.indiatimes.com/satyam-computer-services-ltd(merged)/infocompanyhistory/company-11407.cms 

Suryanto, T. (2016). Dividend policy, information technology, accounting reporting to investor reaction and fraud prevention. International Journal of Economic Perspectives, 10(1), 138.

Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data governance: Lessons learned from a public sector application audit. Government information quarterly, 32(3), 316-322.

Yu, Y., Xue, L., Au, M. H., Susilo, W., Ni, J., Zhang, Y., ... & Shen, J. (2016). Cloud data integrity checking with an identity-based auditing mechanism from RSA. Future Generation Computer Systems, 62, 85-91.