Page 241 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 241
CA Ravi Taori
- Technical Expertise: A thorough audit might necessitate a source code review. Therefore, understanding the
RPA tools is essential for auditors, especially when evaluating logs, access controls, and configurations. General
IT controls remain relevant.
Common Risks of RPA:
- Operational Risks: Risks arise from improper deployment of robots, choosing incorrect tools, making false
assumptions, neglecting security, and not defining clear responsibilities. Training and clarity on changing roles
can mitigate such risks.
- Change Management Risks: Inaccurate results stem from bypassing the change management lifecycle and
insufficient testing.
- Strategy Risks: Setting unrealistic goals, KPIs, and expectations can breed uncertainty. Comprehensive RPA
understanding and analysis by management are crucial.
RPA and Audit Standards Integration:
Implementing audit standards like Standards on Auditing, IFCoFR, and IND AS ensures trustworthy financial
reports and audit procedures. By incorporating RPA, the efficiency and accuracy of audits can be notably
enhanced. It's vital for RPA developers and auditors to collaborate, ensuring that RPA workflows are in line with
these standards, which elevates the audit quality and client confidence.
(CNO DAA.280) Control Considerations or Objectives Of Auditing Digitally
Industry Awareness: Auditors should acquire a comprehensive understanding of industry changes and the IT
environment to effectively evaluate management's transaction processes and design suitable audit procedures.
Technology Risk: Auditors should assess risks associated with the implementation of new technologies,
considering how these risks may differ from those of traditional, legacy systems.
Expertise Requirement: Auditors should determine if digital upskilling or specialists, such as cybersecurity
control experts or IT specialists, are needed to assess the impact of new technologies and understand the design,
implementation, and effectiveness of controls.
Some examples of technology risks where auditors should test the appropriate controls for relying on the
digital systems (Similar to DAA.100 IT Risk)
1. Access Control and Authorization:
- The possibility of information technology personnel gaining access privileges beyond those necessary to
perform their assigned duties, leading to insufficient segregation of duties.
- Unauthorized access to data that might result in destruction of data or improper changes to data.
- Unauthorized changes to systems or programs.
2. Data Accuracy and Integrity:
- Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both.
- Unauthorized access to data that might result in destruction of data or improper changes to data, including
the recording of unauthorized or non-existent transactions or inaccurate recording of transactions (specific
risks might arise when multiple users access a common database).
- Unauthorized or erroneous changes to data in master files.
- Inappropriate manual intervention.
3. Data Availability:
- Potential loss of data or inability to access data as required.
4. System Maintenance and Updates:
- Failure to make necessary or appropriate changes to systems or programs.
- Unauthorized or erroneous changes to systems or programs.
www.auditguru.in 12.16