Page 93 - CA Inter Audit PARAM

P. 93

CA Ravi Taori
➢ Shortcut to remember some situations in which IT will be relevant to an audit:
o H-ify CESS at PVR is relevant
➢ Text in ITALICS are examples by author for better understanding of answer.

QNO Understanding and Documenting Old Course -- (M18R/M18E/N19R/N19M/SM20/N21M/SM21/
AAE.15 Automated Environment- M22M/N22R/N23R/N23M)
Bhaskar CNO- AAE.060
List any five points that an auditor should consider to obtain an understanding of the Company's automated
environment.
OR
Understanding the entity and its automated environment involves understanding how IT department is
organised, IT activities, the IT dependencies, relevant risks and controls. Explain stating the points that an
auditor should consider to obtain an understanding of the company’s automated environment.
OR
Give some of the points that an auditor should consider to obtain an understanding of the company’s
automated environment:
Answer ➢ An auditor is required to understand the entity and its business, including IT as per SA 315
Understanding the entity and its automated environment involves understanding how IT
department is organized, IT activities, the IT dependencies, relevant risks and controls.

Text Examples
Location of IT systems - local vs global.
Their purpose ﬁnancial and non-ﬁnancial.
Information systems being used one or more application systems and what they are.
Version functions and risks could vary in diﬀerent versions of
same application.
In-house vs Packaged.
Architecture desktop based, client-server, web application, cloud
based.
Interfaces within systems in case multiple systems exist.
Key persons CIO, CISO, Administrators.
Outsourced activities IT maintenance and support.
•

Author’s Note
➢ Text in ITALICS are examples by author for better understanding of answer.

QNO IT Risks- Old Course -- (M18E/ N18M/ M19R/ N19R/SM20/ SM21/
AAE.20 Bhaskar CNO- AAE.080 N20E/N22R)
IT poses specific risks to an entity’s internal control. Explain
OR
The auditor should understand and consider the risks that may arise from the use of Information
Technology (IT) Systems.
OR
Having obtained an understanding of the IT systems and the automated environment of a company, the
auditor should consider the risks that arise from the use of IT systems. Explain.
Answer Part I -- Relevant Standards & Laws
▪ SA 315, Identifying And Assessing The Risk Of Material Misstatement Through Understanding The

Entity And Its Environment
Part II -- Requirements of Relevant Standards & Laws

IT system also poses specific risks to an entity’s Internal Control. They are–

➢ First Comes IT Personnel
• IT Personnel gaining access, Privileges beyond necessary

www.auditguru.in 3.48

88 89 90 91 92 93 94 95 96 97 98