Subscribe to the Bombay Chartered Accountant Journal Subscribe Now!

August 2022

VULNERABILITY ASSESSMENT : A TOOL FOR INTERNAL AUDIT

By Rajendra Ponkshe, Chartered Accountant
Reading Time 17 mins
Internal auditing in the IT environment has been evolving rapidly, and modern auditors are updating their skills and tools to add value to their auditing function. It is no surprise that with more and more technological leaps in data processing, auditors have to keep abreast with technological advances. It is heartening to note that they are also not lagging in harnessing technology. Kudos to the internet revolution, pandemic situation and more complex frauds in the Fintech world.

New-age internal auditing is shifting its focus from transactional auditing to addressing risks of business processes. The audit scope has expanded and includes governance and executive management as well. More and more dimensions to their skills and challenges are waiting to be adopted. The auditor need not be a techie to unravel the mystery of technical frauds; he might as well depend upon the technical expertise within the organization or engage professionals with the required technical competency. What could be more satisfying than acquiring a little more technical knowledge and applying the same in auditing?

Auditing Standard SA 315 and International Auditing Standard ISA 315 (revised 2019) require the auditor to identify and assess the risk of material misstatement through an understanding of the entity and its environment.

Appendix 5 of ISA 315 contains illustrations about Understanding the Entity’s Use of Information Technolo