Previous | Table of Contents | Next |
The last audit step in any audit is to perform a self-assessment of the audit and the audit process. This is part of the quality assurance activity in auditing. Quality assurance means looking at the process to determine whether it worked. If the audit process failed to work or worked ineffectively, action should be taken to initiate changes to that process. A failure to perform this step may mean that flaws in the audit process will remain through future audits, causing it to remain ineffective or become extremely time-consuming.
Quality assurance activities are divided into two parts. First, IT auditors look at the products of the audit, which is called quality control. Quality control is partially performed by the audit staff and partially by audit management. In addition, IT auditors determine the effectiveness of the process, which is called quality assurance. Quality assurance uses the results of the quality control review to assess deficiencies in the audit process. Quality assurance also provides an opportunity for the audit team to comment on the effectiveness and efficiency of the audit process.
This task involves reviewing the audit to ensure that all the steps and tasks specified for auditing computer applications have been performed properly. Quality control is similar to quality assurance (which involves the third-party review of the audit) except that with quality control, the audit team that conducted the audit performs the review. For most audits of automated applications, this task is performed throughout the audit process by the IT auditor in charge, typically at the completion of each step. Although each IT auditor assigned to an audit should be accountable for the quality of individual work, the IT auditor in charge has supervisory responsibility for overall audit quality.
Although quality assurance reviews are recommended for internal audit departments, only a small percentage of such departments actually use them. Most internal audits rely on quality controla line management responsibilityto ensure the quality of the audit. Although quality control is usually the responsibility of line audit management, the quality control process must be integrated into the audit process if audit resources are to be used effectively.
The audit team must evaluate the audit process that was used in conducting the audit. A member of audit management usually performs this quality assurance activity, although audit management can delegate the task to the audit team. This task identifies deficiencies and inefficiencies in the computer application audit process. Two activities are involved in this task. The first activity is to identify problems that have occurred during the audit. These problems should have been documented during the course of the audit. This activity recognizes that the problem occurred and records it for action purposes. The most common sources of problem identification are:
These problems should be recorded in a workpaper. This workpaper should include a number to identify the specific problem, the name of the audit problem, a brief description of the problem that should reference the location of the problem (i.e., a workpaper reference), and an estimation of the significance of the problem, with a potential solution to the problem if one can be determined at this time.
Previous | Table of Contents | Next |