In order to conduct a risk-based approach audit. We must understand the different
kinds of risks.
1.) Inherent risks - Risks that occur because of the nature of business. For example complex calculations are more easier to be misstated than simple calculations & money is more likely to be stolen than an inventory of coal.
2.)Control risks - The risk of a material error occurs that will not be prevented or detected timely by internal control systems. For example, the risk of overlooking massive volumes of log files is higher than automatic data validation by computer programs.
3.)Detection risks -The risk that an Information Systems Auditor uses inadequate test procedures and conclude that material errors do not exist when in fact they do.
Using statistical sampling, an IS auditor can quantify how closely the sample should represent the population and quantify the probability of error.
The use of statistical sampling helps minimise detection risks
Related Tags: cissp, cisa, IT audit, IT governance, IT compliance
No comments:
Post a Comment