( 2) Processes in system audits The processes in system audits are as follows.
Planning Formulation of audit plan
Implementation Preliminary audit
Main audit
Preparation of system audit report
Reporting Opinion exchange meeting
Audit report meeting
Follow-up
●Formulation of system audit plan Research the company’ s business conditions and policies, problems with the information system, etc., and identify the purpose of the audit as well as the department and information system to be audited. In this step, the“ documented audit plans” are prepared. These include the“ documented medium- and long-term plan”, which covers a period of several years, the“ documented basic plan”, which covers the fiscal year, and the“ individual documented plans”, which cover individual audit items.
●Preliminary audit The“ preliminary audit” is carried out before the main audit in order to get a general grasp of the system. It involves meeting with the manager of the department to be audited and checking documents. It makes it possible to divide audit items into those that require a detailed investigation during the main audit and those that do not, and modify the individual documented plans that were prepared earlier.
●Main audit In the“ main audit,” a detailed audit, analysis, and review are carried out according to the items and procedures laid out in the system audit plan. The audit techniques generally include interviews, on-site inspections, document and record checks, and questionnaire surveys. The information obtained is kept as“ audit evidence.”
Reference
System audit standards“ System audit standards” provide the framework for carrying out an appropriate audit of information systems. They serve as the code of conduct expected of the system auditor when implementing a system audit.
Reference
Audit trail“ Audit trail” refers to the information system logs, user information logs, error logs, and other data. These are carefully reviewed to establish the reliability, security and efficiency of the system, which is the purpose of the audit. Since it is not possible to verify every single log, the necessary audit trail is selected at the time the system audit plan is formulated.
Chapter 6 Service management
148