Information Technology Audit Process - Completing The Audit

Completing The Audit

Before choosing the appropriate audit report, the auditor must consider the following issues:

  • Review for Subsequent Events – two types of subsequent events require an evaluation by the auditor. They include:
      1. Type I events – events that provide additional evidence about the conditions that existed at the date of the balance sheet.
      2. Type II events – events that provide evidence about conditions that did not exist at the date of the balance sheet, but arose after that date.

Audit procedures used to review for subsequent events include asking management whether any unusual adjustments to their information systems have been made during the subsequent events period (after the completion of the audit, but before the audit report is issued), or obtaining a representation letter from management.

  • Final Evidential Evaluation Processes – audit steps performed by the auditor in this phase to determine the most appropriate audit report include obtaining a representation letter, reviewing work papers, making a final assessment of audit results, and obtaining an independent review of the engagement.
  • Communications with the Audit Committee and Management – communications should include significant audit adjustments, the auditor’s judgments about the quality of the entity’s accounting principles, disagreements with management, major issues discussed with management before the auditor was retained, difficulties encountered during the audit, and fraud involving senior management. Also, the auditor should discuss the draft of the audit report with management to give management the chance to correct any weaknesses or deficiencies before they are reported and released to the public. The auditor may decide to do this in the form of a Management Comment Letter.
  • Subsequent Discovery of Facts Existing at the Date of the Auditor’s Report – Auditing standards 561 provides guidance for auditors when facts about the organization’s processes come to the auditor’s attention that might have affected the report had the auditor known about them.

The auditor’s conclusions and findings, which are based on documented evidence, must be objective, measurable, complete, and relevant. The findings are disclosed to management in formal statements, typically an audit report. Recommendations must be provided for each audit finding for the report to be useful to management.
