Abstract: This chapter introduces the concept of a risk-based information systems audit. Under resource constraints, an information systems auditor may be required to selectively review some functions of the auditee. A risk-based information systems audit includes, in addition to testing of logic and transactions, an evaluation of the risk ingrained in the management systems and control procedures established in various operations. Under a risk-based information systems audit, the focus shifts from exhaustive testing to a system guided by risk identification, prioritization of audit objects based on identified risks, and allocation of audit resources in line with the risk assessment. An information systems audit under a risk-based approach results in greater assurance that the entity is adequately geared to face the risks its information systems are exposed to. The risk management strategy focuses on understanding the inherent risks, as they are the major obstacles to the achievement of the goals and objectives of the information system. An information systems auditor needs to have a complete understanding of the entire process in the auditee organization to be able to develop an appropriate audit plan for conducting a risk-based information systems audit.
Publication Year: 2012
Publication Date: 2012-01-02
Language: en
Type: other
Indexed In: ['crossref']