Page 236 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 236
CA Ravi Taori
(CNO DAA.220) Remote Audit
Definition: A remote or virtual audit is an audit conducted via online or electronic means, either partially or
entirely. The auditor uses technology to gather audit evidence and review documentation, often with the
auditee's participation.
Planning: Audit planning and scoping are essential components of every audit. This process includes discussions
about the audit's scope and schedule, as well as the methods to be used.
Pandemic Impact: The COVID-19 pandemic has significantly altered the business landscape, necessitating
adjustments to processes. In this new context, remote audits have become increasingly appreciated by clients.
Considerations for remote audit:
Auditors must develop tailored strategies to ensure the remote audit meets the requirements and deliver results
equivalent to traditional onsite audits.
Feasibility and Planning
Feasibility: It's crucial to determine the technology to be used, ensure both auditors and auditees have the
necessary competencies, and confirm that resources are available.
Preparation: Planning involves agreeing on audit timelines, selecting the meeting platform (e.g., Zoom,
Microsoft Teams, Google Meet) for audit sessions, and determining data exchange mechanisms and access
authorization requests.
Execution: The execution phase of a remote audit includes video or teleconferencing with auditees. Audit
evidence documentation should be transferred via a document sharing platform.
Confidentiality, Security and Data Protection
1. VPN: When accessing the auditee's IT system, auditors should use a Virtual Private Network (VPN). A VPN
creates a safe and encrypted online connection, preventing unauthorized users from entering the network and
enabling remote work.
2. Data Security: To ensure data security and confidentiality, access to the document sharing platform should
be restricted and data should be encrypted when sent across the network. Once reviewed and documented by
the auditor, information should be removed from the platform and stored according to applicable archiving
standards and data protection requirements.
3A. No recording: Auditors must consider legislation and regulations, which may require additional agreements
from both parties. For example, agreements may stipulate no recording of sound and images, or authorizations
for using people's images.
3B. No screenshots: Auditors should not take screenshots of auditees as audit evidence. Any screenshots of
documents, records, or other types of evidence should be pre-authorized by the audited organization.
Risk assessment
Clear and consistent communication between auditors and auditees is vital during remote audits. Risks to audit
objectives must be identified, assessed, and managed. For each audit, the team and the audited organization's
representative should assess and document if a remote audit meets the objectives.
Advantages and Disadvantages of remote audit:
Advantages
(Shortcut: No Selection FEE)
No disruption: The time required to gather evidence can be spread over several weeks, reducing disruption to
daily activities.
Selection: Remote audits widen the selection of auditors from a global network of experts.
First-hand evidence: Auditors can obtain first-hand evidence directly from the IT system if direct access is
provided.
Flexibility (Enjoy Comfort): The audit team enjoys comfort and flexibility as they can work from a home
environment.
Efficiency: Remote audits are cost and time-effective due to the elimination of travel time and expenses.
www.auditguru.in 12.11