Data auditing


Data auditing is the process of conducting a data audit to assess how well a company's data is fit for a given purpose. This involves profiling the data and assessing the impact of poor-quality data on the organization's performance and profits. It can include the determination of the clarity of the data sources and can be applied in the way banks and rating agencies perform due diligence with regard to the treatment of raw data given by firms, particularly the identification of faulty data. [1]

Data auditing can also refer to the audit of a system to determine its efficacy in performing its function. For instance, it can entail the evaluation of the information systems of the IT departments to determine whether they are effective in protecting the integrity of critical data. [2] As an auditing tool, it can detect fraud, intrusions, and other security problems. [3]

Related Research Articles

Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

Audit: Systematic and independent examination of books, accounts, documents and vouchers of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form, when such an examination is conducted with a view to express an opinion thereon." It also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditing has become such a ubiquitous phenomenon in the corporate and the public sector that academics have started identifying an "Audit Society". Auditors perceive and recognize the propositions before them for examination, obtain evidence, evaluate the same and formulate an opinion on the basis of their judgement which is communicated through their auditing report.

Financial audit: Type of audit conducted to ensure "financial statements" are in accordance with specified criteria

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organisation. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

Forensic accounting: Accounting of engagements from disputes or litigation which have or are expected to happen

Forensic accounting, forensic accountancy or financial forensics is the specialty practice area of accounting that describes engagements that result from actual or anticipated disputes or litigation. "Forensic" means "suitable for use in a court of law", and it is to that standard and potential outcome that forensic accountants generally have to work. It uses accounting, auditing and investigative skills to run investigations into any case of theft and fraud. Forensic accountants, also referred to as forensic auditors or investigative auditors, often have to give expert evidence at the eventual trial. Their job is to catch the perpetrators of theft and fraud at firms. All of the larger accounting firms, as well as many medium-sized and boutique firms and various police and government agencies, have specialist forensic accounting departments. Within these groups, there may be further sub-specializations: some forensic accountants may, for example, just specialize in insurance claims, personal injury claims, fraud, anti-money-laundering, construction, or royalty audits.

A feasibility study is an assessment of the practicality of a proposed project or system. A feasibility study aims to objectively and rationally uncover the strengths and weaknesses of an existing business or proposed venture, opportunities and threats present in the natural environment, the resources required to carry through, and ultimately the prospects for success. In its simplest terms, the two criteria to judge feasibility are cost required and value to be attained.

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

A mainframe audit is a comprehensive inspection of computer processes, security, and procedures, with recommendations for improvement.

In business and accounting, information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC include controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a Chief Information Officer (CIO), who is responsible for ensuring effective information technology controls are utilized.


An information security audit is an audit of the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives, assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring process. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

ISACA is an international professional association focused on IT governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only.

Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical.

Certified Information Technology Professional (CITP) is a professional certification for Certified Information Technology Professionals. The CITP credential recognizes technical expertise across a wide range of business-technology practice areas.

Internal audit: An independent, objective assurance and consulting activity designed to add value to and improve an organization's operations

Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing achieves this by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

Governance, risk management and compliance (GRC) is the term covering an organization's approach across these three practices: Governance, risk management, and compliance. The first scholarly research on GRC was published in 2007 where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity." The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.

Internal control, as defined by accounting and auditing, is a process for assuring an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

Continuous auditing

Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.

Control self-assessment

Control self-assessment is a technique developed in 1987 that is used by a range of organisations including corporations, charities and government departments, to assess the effectiveness of their risk management and control processes.

References

  1. Kolb, Robert W. (2010-09-09). Lessons from the Financial Crisis: Causes, Consequences, and Our Economic Future. John Wiley & Sons. ISBN 9780470622414.
  2. Gertz, Michael (2013). Integrity and Internal Control in Information Systems V: IFIP TC11 / WG11.5 Fifth Working Conference on Integrity and Internal Control in Information Systems (IICIS) November 11–12, 2002, Bonn, Germany. Dordrecht: Springer. p. 188. ISBN 9781475755350.
  3. Vallabhaneni, S. Rao (2015-01-20). Wiley CIAexcel Exam Review 2015 Focus Notes, Part 3: Internal Audit Knowledge Elements. Hoboken, NJ: John Wiley & Sons. p. 431. ISBN 9781119095194.