CA Ravi Taori
         - Technical Expertise: A thorough audit might necessitate a source code review. Therefore, understanding the
         RPA tools is essential for auditors, especially when evaluating logs, access controls, and configurations. General
         IT controls remain relevant.

         Common Risks of RPA:
         - Operational Risks: Risks arise from improper deployment of robots, choosing incorrect tools, making false
         assumptions, neglecting security, and not defining clear responsibilities. Training and clarity on changing roles
         can mitigate such risks.
         - Change Management Risks: Inaccurate results stem from bypassing the change management lifecycle and
         insufficient testing.
         - Strategy Risks: Setting unrealistic goals, KPIs, and expectations can breed uncertainty. Comprehensive RPA
         understanding and analysis by management are crucial.

         RPA and Audit Standards Integration:
         Implementing audit standards like Standards on Auditing, IFCoFR, and IND AS ensures trustworthy financial
         reports  and  audit  procedures.  By  incorporating  RPA,  the  efficiency  and  accuracy  of  audits  can  be  notably
         enhanced. It's vital for RPA developers and auditors to collaborate, ensuring that RPA workflows are in line with
         these standards, which elevates the audit quality and client confidence.

         (CNO DAA.280) Control Considerations or Objectives Of Auditing Digitally
         Industry Awareness: Auditors should acquire a comprehensive understanding of industry changes and the IT
         environment to effectively evaluate management's transaction processes and design suitable audit procedures.
         Technology  Risk:  Auditors  should  assess  risks  associated  with  the  implementation  of  new  technologies,
         considering how these risks may differ from those of traditional, legacy systems.
         Expertise Requirement: Auditors should determine if digital upskilling or specialists, such as cybersecurity
         control experts or IT specialists, are needed to assess the impact of new technologies and understand the design,
         implementation, and effectiveness of controls.
         Some examples of technology risks where auditors should test the appropriate controls for relying on the
         digital systems (Similar to DAA.100 IT Risk)
         1. Access Control and Authorization:
            - The possibility of information technology personnel gaining access privileges beyond those necessary to
            perform their assigned duties, leading to insufficient segregation of duties.
             - Unauthorized access to data that might result in destruction of data or improper changes to data.
             - Unauthorized changes to systems or programs.

         2. Data Accuracy and Integrity:
             - Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both.
             - Unauthorized access to data that might result in destruction of data or improper changes to data, including
            the recording of unauthorized or non-existent transactions or inaccurate recording of transactions (specific
            risks might arise when multiple users access a common database).
             - Unauthorized or erroneous changes to data in master files.
             - Inappropriate manual intervention.

         3. Data Availability:
             - Potential loss of data or inability to access data as required.
         4. System Maintenance and Updates:
             - Failure to make necessary or appropriate changes to systems or programs.
             - Unauthorized or erroneous changes to systems or programs.


         www.auditguru.in                                                                                  12.16