Page 94 - CA Inter Audit PARAM
P. 94
CA Ravi Taori
• The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties thereby breaking down segregation of duties. (Approved
Purchase & Payment)
➢ Then comes Data
• Unauthorised Access to Data leading to destruction, unauthorised transaction, non-
existent transaction / Potential loss of Data
• Unauthorised access to data that may result in destruction of data or improper
changes to data, including the recording of unauthorised or non-existent
transactions, or inaccurate recording of transactions. Particular risks may arise
where multiple users access a common database.
• Potential loss of data or inability to access data as required. (Ransomware)
➢ Then happened processing
• Manual Intervention / Inaccurate Processing / Processing Inaccurate Data
• Inappropriate manual intervention.
• Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both. (TDS Calculator / NPA Calculator)
➢ If required Changes
• Failure to make Changes / Unauthorised changes to systems / Unauthorised changes
to Master Files
• Failure to make necessary changes to systems or programs. (Boss shifted to Office
365, Rest of the office on Office 2007)
• Unauthorised changes to systems or programs.
Unauthorised changes to data in master files.
QNO IT Risks (Impact)- Old Course -- (SM17/M18R/SM20/N20E/N21R/N21M/SM21/N22M/M23M)
New Course—(N23E/M24R)
AAE.25 Bhaskar CNO- AAE.100
Describe how risks in IT systems, if not mitigated, could have an impact on audit.
Or
Discuss the impact of IT related risks on Substantive Audit, Controls and Reporting.
OR
Elucidate the impact on substantive audit if IT related risks are not mitigated in an automated environment.
Answer The risks, if not mitigated, could have an impact on audit in different ways. Let us understand how:
➢ Impact on Controls:
Controls
• cannot rely on automated controls, system calculation and accounting procedures built
into applications.
• cannot rely on IT dependent manual controls.
Data reliability
• system data and reports should be tested substantively for completeness and accuracy.
• more substantive audit work is needed.
➢ Impact on Substantive Audit:
Data reliability & Effect on Audit Evidence
• cannot rely on the data obtained from system.
• system data and reports should be tested substantively for completeness and accuracy
• more audit evidence is needed.
➢ Impact on Reporting:
• communication to those charged with governance.
• modified auditors report.
➢ In all the above scenarios, it is likely that the auditor will be required to obtain more audit evidence
and perform additional audit work. The auditor should also be able to demonstrate how the risks
were identified and what audit evidence was obtained and validated to address these IT risks.
www.auditguru.in 3.49
