Internal Audit Handbook（2007）C10-IT Audit.pdfVIP

Examples from Audit Practice at SAP C | 10 | 10.1 IT Audits Basics and System Configuration 10 IT Audits 10.1 Basics and System Configuration Key Po I nT s ••• • Internal and external compliance and reliability requirements on financial re- porting must be supported by a company’s information technology. • The extent of the IT audit is influenced by the domains of Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. • Possible risks for an IT system include non-compliance, inconsistent data, user error, uncontrollability, and unreliability. • In addition to system tests, the organizational analysis of the IT system is a key component of IT audits. Section A (see Chapter 6.2.5) provides information about the significance of Inter- ITIT AuditsAudits atat s sAPAP nal Audit for companies that rely heavily on information technology. Especially in global software groups such as SAP, the reliability of information technology for the support of business processes is a key prerequisite for the achievement of corporate objectives. In addition, there are external requirements that place clear demands on information technology to ensure that the company’s financial reporting is compli- ant. IT auditors must observe various internal and external rules, including country specific rules, relating to the proper operation of IT systems, effective system con- trols, and the way in which computers, programs, and data are used. Information Technology