Page 230 - CA Final Audit Titanium Full Book. (With Cover Pages)
CA Ravi Taori
(CNO DAA.100) Identifying the Risks Arising from Usage Of IT
How to identify the IT Risks?
(Shortcut: NCA)
IT Application Nature: The auditor should consider the nature of the identified IT application when identifying
risks arising from IT use.
Cybersecurity Risks: Risks related to cybersecurity are a significant concern in the use of IT.
Automated Application Controls: The volume or complexity of automated application controls can increase
IT risks.
Greater reliance by management on automated controls for transaction processing or maintaining information
integrity can lead to more IT risks.
Risks arising from use of IT
Law Related
Regulatory Compliance & Performance: The increasing use of IT in businesses elevates regulatory compliance
risk, as changes in laws or guidelines can impact costs and investments. Different sectors have unique
regulatory requirements, but all must manage compliance risks. IT system performance can be affected by heavy
data load and network usage.
System Related
1A. Integration and Compatibility Risks: Risks arising from system integration and compatibility, including
potential widespread failure due to a single system's malfunction, incorrect results from improper integration,
and compatibility issues due to different software versions or un-upgraded patches.
1B. Performance and Scaling Issues: Scaling, or adding resources to existing nodes, can address performance
issues but may be costly, necessitating informed decision-making.
2A. Unauthorized Changes to Master File: Unauthorized changes to data in master files.
2B. Unauthorized Changes to IT applications: Unauthorized changes to IT applications or other aspects of the
IT environment.
3. Failure to Update: Failure to make necessary updates to IT applications or other aspects of the IT environment.
IT Personnel Related
IT Personnel Access Privileges: IT personnel gaining access privileges beyond those necessary to perform their
assigned duties, thereby breaking down the segregation of duties.
Data Related
Data Loss: Risks arising from data loss or corruption due to inadequate cybersecurity controls and protocols.
This includes potential system encryption by hackers, unauthorized system access, alteration of information,
physical security breaches, and theft of sensitive information.
Unauthorized Data Access: Unauthorized access to data leading to potential destruction or improper
alterations. This includes recording of unauthorized or non-existent transactions, or inaccurate recording of
transactions. Risks are heightened when multiple users access a common database.
Processing Related
Inappropriate Manual Intervention: Inappropriate manual intervention in IT processes.
System Downtime: Risks associated with IT system unavailability due to hardware failures, faulty
configurations, cyberattacks, or power outages, potentially disrupting business operations.
www.auditguru.in