Updated: Jan 3
Comprehensive audit & continuous audit
A comprehensive audit is a process of evaluating the key internal controls of operations, processes, or entities in accordance with applicable audit principles. A key step in a comprehensive audit is that the audit team collectively discuss risks, their impact, and the possibility of occurrence. A typical integrated audit procedure includes: identifying the risks faced by the audited area in the organization; identifying relevant key controls; checking and understanding the design of key controls; testing key controls supported by IT systems; comprehensive reports or opinions on control risks, designs, and deficiencies.
Continuous auditing uses a specific software system to continuously control the financial status of the enterprise to ensure that real-time transactions are under real-time supervision to avoid major financial losses and audit scandals. A continuous audit module is designed in the newly developed system to help auditors capture predefined events or directly check suspicious transactions and unexpected events. If the appropriate audit module is embedded in the traditional application system, the continuous audit function can also be realized. Some simplified continuous auditing and monitoring tools have been gradually integrated into ERP software packages, operating systems, and network security software packages. If the parameters are properly configured according to certain rules, when the system is processing actual data, it can output exception reports according to user requirements. The prerequisites for continuous auditing are highly automated. After an event under the audit theme occurs, the relevant process should be started automatically and with high reliability to generate the necessary information. When the control fails, an alarm must be triggered in time. Deploy highly automated audit tools and require auditors to participate in the setting of system parameters; the information system auditors must be quickly notified of the results generated by the automated procedures, especially when errors and abnormal situations are discovered, automated audit reports are issued quickly and in a timely manner.
Example: One of the main advantages of continuous auditing methods is:
A. No information system auditor is required to collect data on the reliability of the system
B. Information system auditors are required to review all collected information immediately and take follow-up measures
C. When processing a large number of transactions in a time-sharing environment, the security of the system can be improved
D. Do not rely on the complexity of the organization's computer system
Analysis: The use of continuous auditing technology can improve the security of the system when processing a large number of transactions in a time-sharing environment, but there is a lack of adequate documentation. Option A is incorrect because continuous audit technology requires auditors to collect evidence on the reliability of the system; Option B is incorrect because the information system auditor only needs to review and take follow-up actions after discovering important defects or errors; Option D is incorrect because the use of continuous auditing techniques depends on the complexity of the organization's computer system. According to the knowledge points of continuous auditing just learned, it can be seen that choosing C is correct.
The audit method refers to a series of written audit procedures designed to achieve predetermined audit objectives, which include audit scope, audit objectives, and audit steps.
The following table lists the various stages of a typical audit. The key result of the early stage of the audit process is the audit procedure. As a guide for the implementation of the audit, it records all the audit steps that should be followed, as well as the level and type of evidence materials checked.
Although the audit process does not have to follow a series of specific steps (IS auditors generally follow), it should at least gain an understanding of the audited entity, evaluate the control structure, and perform control tests.
Audit institutions should develop and approve a set of audit methods as the minimum steps that must be followed for all audit tasks.
All audit plans, procedures, activities, findings, and events should be properly recorded in the working paper.
The format and medium of the working papers can be appropriately changed according to the specific needs of the department. IS auditors should pay special attention to how to maintain the integrity of the audit test evidence and protect it to protect its value as supporting evidence of the audit results.
Work records can be regarded as the bridge or link between the audit objectives and the final report, as the track and support of the audit work. Work records can provide a seamless connection from target to report and from report to target. The audit report can also be regarded as a special working paper.