Question

The primary method to evaluate the effectiveness of an information system’s controls is from conducting an information systems audit.

• Discuss what all an information systems audit does.
• Discuss what an audit trail is.

Answer 1

Information systems audit

An audit of information technology, or an audit of information systems, is a study of management controls within an architecture for information technology (IT). Assessing the evidence obtained defines whether the information systems secure property, preserve data integrity, and operate effectively to achieve the goals or objectives of the company.Such assessments may be performed in combination with an audit of financial statements, an internal audit, or any other form of dedication to certification.

IT audits are also known as automated data processing audits (ADP audits) and computer audits.They were formerly called electronic data processing audits (EDP audits).

An IT audit differs from an audit of the financial statements. While a financial audit's purpose is to evaluate whether the financial statements present fairly, in all material respects, an entity's financial position, results of operations, and cash flows in conformity to standard accounting practices, the purposes of an IT audit is to evaluate the system's internal control design and effectiveness.It covers performance and security protocols, development processes, and IT governance or supervision, but is not limited to.It is sufficient to install controls, but not enough to provide adequate security. Security officials must determine whether the controls are implemented as planned, whether they are successful, or whether there has been any breach of security, and if so, what actions can be taken to prevent future breaches.Independent and unbiased observers must respond to these inquiries. These observers carry out the task of auditing information systems. An audit is an examination of information systems, their inputs, outputs, and processing in an information systems (IS) environment.

AUDIT TRIAL

An audit trail is a step-by-step log that can track accounting or business information to its origin. Audit trails are used to check and monitor other types of transactions, including accounting and mutual fund trading. The audit trail is most often used when it is important to verify the accuracy of a product.Audit trails can be useful tools to assess the authenticity of an accounting transaction, fund origin, or exchange.

When an auditor has to check statistics such as sales, net earnings or earnings per share, audit trails can be used in accounting. Transactions involving the calculation of the revenue, net earnings or earnings per share of a company are reviewed and the calculations can be redone if the figures are incorrectly classified.

For example, the cost of selling merchandise is an expenditure subtracted in calculating net earnings from gross revenue. The cost of the sale amount of goods would be double-checked by checking the transactions and data sources that were used to calculate the cost of the sold goods.To check the final figure, all elements of the final numbers are double-checked along the audit trail. As part of their reporting responsibilities, all public companies are subject to financial audit.

In many different areas of finance, audit trails, or rather the method of following an audit trail, are found. For instance, a mortgage lender can use an audit trail to determine the source of funds for an down payment when buying a home. They may request to see a bank statement showing the deposit of funds into the account and request further verification of the source of the deposit.

When there are concerns about the authenticity or quality of trade data, the Securities and Exchange Commission (SEC) and NYSE will use audit trails to specifically recreate trade. This is to ensure that major exchanges take place in accordance with current regulations.