15.1 Audit objectives in computerised systems
The audit objectives in computerized systems are similar to those in manual systems, with the additional focus on the specific risks and controls associated with information technology. Here are some common audit objectives in computerized systems:
- Reliability of Financial Information: The auditor aims to ensure that the financial information processed and reported by the computerized system is accurate, complete, and reliable. This involves assessing the effectiveness of controls over data input, processing, and output to minimize the risk of errors or fraud.
- Compliance with Laws and Regulations: The auditor verifies that the computerized system complies with relevant laws, regulations, and industry standards. This includes assessing controls related to data privacy, information security, and other applicable regulations.
- Safeguarding of Assets: The auditor examines the controls in place to protect the organization’s assets, including physical assets and digital assets stored in the computerized system. This involves assessing controls such as user access management, data encryption, and backup and recovery procedures.
- Effectiveness of IT General Controls (ITGCs): The auditor evaluates the design and operating effectiveness of ITGCs, the controls that govern the overall IT environment. These include security measures, change management processes, user access controls, and segregation of duties. The objective is to ensure that ITGCs provide a reliable foundation on which application controls can operate effectively.
- System Availability and Continuity: The auditor assesses the controls and procedures in place to ensure the availability and continuity of the computerized system. This includes reviewing backup and recovery plans, business continuity measures, and disaster recovery procedures.
- Data Integrity and Confidentiality: The auditor examines the controls implemented to ensure the integrity and confidentiality of data within the computerized system. This involves assessing controls related to data input validation, data transmission security, and data encryption.
- System Development and Change Management: The auditor evaluates controls over system development and changes, including the processes for implementing new systems, modifying existing systems, and managing system updates and patches. The objective is to ensure that system changes are properly authorized, tested, and documented.
- User Access Management: The auditor reviews controls related to user access management, including the assignment of user privileges, segregation of duties, and monitoring of user activities. The objective is to prevent unauthorized access to the system and ensure appropriate segregation of duties to reduce the risk of fraud.
- IT Governance and Risk Management: The auditor assesses the organization’s IT governance framework and risk management processes. This includes reviewing the roles and responsibilities of IT personnel, IT policies and procedures, and risk assessment and mitigation measures.
- Compliance with Service Level Agreements: In cases where the computerized system is outsourced or hosted by a third-party service provider, the auditor evaluates compliance with service level agreements (SLAs). This involves assessing the performance and security of the service provider and verifying that the services provided meet the agreed-upon standards.
