Auditing and Internal Control
Review Questions
1. What is the purpose of an IT audit? Response: The purpose of an IT audit is to provide an independent assessment of some technology- or systems-related object, such as proper IT implementation, or controls over computer resources. Because most modern accounting information systems use IT, IT plays a significant role in a financial (external audit), where the purpose is to determine the fairness and accuracy of the financial statements.
2. Discuss the concept of independence within the context of a financial audit. How is independence different for internal auditors? Response: The auditor cannot be an advocate of the client, but must independently attest to whether GAAP and other appropriate guidelines have been adequately met. Independence for internal auditors is different because they are employed by the organization, and cannot be as independent as the external auditor. Thus internal auditors must use professional judgment and independent minds in performing IA activities. 3. What are the conceptual phases of an audit? How do they differ between general auditing and IT auditing? Response: The three conceptual phases of auditing are: i. Audit planning, ii. Tests of internal controls, and iii. Substantive tests.
Conceptually, no difference exists between IT auditing and general auditing. IT auditing is typically a subset of the overall audit; the portion that involves computer technology is the subset. 4. Distinguish between the internal and external auditors. Response: External auditors represent the interests of third-party stakeholders in the organization, such as stockholders, creditors, and government agencies. External auditing is conducted by certified public accountants who are independent of the organization’s management. Internal auditors represent the interests of management. Internal auditing tasks include conducting financial audits, examining an operation’s