Practical Aspects of Auditing Your Client’s IT Environment – ISA 315

One of the reasons for the recent revision to ISA 315 is that Information Technology (IT) risks were not sufficiently addressed in the previous version of the standard, and were often overlooked by audit teams, sometimes leading to inappropriate levels of reliance on IT systems and the key outputs from those systems.

The revised standard requires all audit teams to understanding their client’s use of IT in their system of internal control.  Audit teams must also understand a client’s general IT controls (sometimes abbreviated to GITC or ITGC (IT general controls)) and evaluate these for design and implementation, as with any other relevant control.

This session will focus on some practical implications of the revised standard, looking at examples on how to tackle complex and non-complex IT environments and designing audit procedures over client generated reports, including spreadsheets.