Page 100 - CA Inter Audit PARAM
P. 100
CA Ravi Taori
What is the impact of these weaknesses on overall audit?
Report deficiencies to management – Internal Controls Memo or Management Letter.
Communicate in writing any significant deficiencies to Those Charged With Governance.
The auditor needs to assess each finding or exception to determine impact on the audit and evaluate if
the exception results in a deficiency in internal control.
QNA Definition of multiple terms #Unique Old Course --(SM20/SM21)
AAE.60
Explain the following terms in context of the audit of an Automated Environment :-
(a) Information Systems
(b) Material Weakness
(c) Privileged Access
(d) Segregation of Duties
(e) Significant Deficiency
(a) Information Systems
Refers to a collection of electronic hardware, software, networks and processes that are used in a
business to carry out operations and transactions.
(b) Material Weakness
A control deficiency or a combination of deficiencies in internal controls that is important enough
to merit the attention of those charged with governance since there is a reasonable possibility that
a material misstatement will not be prevented or detected in a timely manner by management.
(c) Privileged Access
A type of super user access to information systems that enforces less or no limits on using that
system.
(d) Segregation of Duties
A type of internal control that is implemented in a company to prevent two or more conflicting
functions from being assigned to or being carried out by the same person.
(e) Significant Deficiency
A control deficiency or a combination of deficiencies in internal controls that is important enough
to merit the attention of those charged with governance since there is a reasonable possibility that
a misstatement will not be prevented or detected in a timely manner by management.
Author’s Note:
Word Significant Deficiency is used in SA 265, word material weakness is not used in standard in
auditing. Material weakness term is generally in USA. Conceptually both the terms have the same
meaning.
QNO Definition of Multiple Terms (Second) #Unique Old Course -- (M21M)
AAE.65
With respect to audit in an automated environment, explain the following: (any four)
(i) Data Processing
(ii) ERP (Enterprise Resource Planning)
(iii) General IT control
(iv) Automated
(v) Direct Data change
Answer (i) Data Processing: Refers to the systematic recording, storage, retrieval, modification and
transformation of electronic data using information systems.
(ii) ERP (Enterprise Resource Planning):
A type of business application software that provides an integrated platform to automate multiple
interrelated business processes and operations.
(iii) General IT Control: Are a type of internal controls that help in mitigating risks that arise due to use
of information technology and information systems in a business.
www.auditguru.in 3.55
