graduate student from 01.01.2022 to 01.01.2025
Russian Federation
The article examines the role of the IT review in assessing the internal control system (ICS) during external audit. The necessity of its application is justified due to the high dependence of financial statements on information systems (IS). Based on ISA 315, ISA 330, and international IT frameworks (COBIT 2019, ITIL 4, ISO/IEC 27001:2022, ISO/IEC 27002:2022, NIST SP 800-53 Rev.5), a methodological approach to conducting the IT review is proposed, including four stages and three possible types of conclusions. The proposed approach enhances the auditor’s professional judgment and helps optimize the scope of substantive procedures.
external audit, internal control system, IT review, digitalization, information technologies, control procedures
1. Karimallah H., Drissi H. Assessing the Impact of Digitalization on Internal Auditing Function. International Journal of Advanced Computer Science and Applications, 2024, vol. 15, no. 6, pp. 864–871. DOI: https://doi.org/10.14569/ijacsa.2024.0150687; EDN: https://elibrary.ru/KUTZGK
2. Vasarhelyi M. A., Kogan A., Tuttle B. M. Big Data in Accounting: An Overview. Accounting Horizons, 2015, vol. 29, no. 2, pp. 381–396. DOI: https://doi.org/10.2308/acch-51071
3. Küçükgergerli N., Sarıdoğan A. A. The Impact of IT Application Control on the Quality of the Audit Evidence: An Application Example. Muhasebe Enstitüsü Dergisi – Journal of Accounting Institute, 2022, no. 66, pp. 65–77. DOI: https://doi.org/10.26650/med.1020306; EDN: https://elibrary.ru/KABOPR
4. Kim D., Richardson V. J., Watson M. W. IT Does Matter: The Folly of Ignoring IT Material Weaknesses. Accounting Horizons, 2018, vol. 32, no. 2, pp. 37–55. DOI: https://doi.org/10.2308/acch-52031
5. Moffitt K. C., Rozario A. M., Vasarhelyi M. A. Robotic Process Automation for Auditing. Journal of Emerging Technologies in Accounting, 2018, vol. 15, no. 1, pp. 1–10. DOI: https://doi.org/10.2308/jeta-10589
6. ISACA. COBIT 2019 Framework: Governance and Management Objectives. Rolling Meadows, IL (USA): ISACA, 2019, 273 p.
7. AXELOS. ITIL® Foundation: ITIL 4 Edition. Norwich (UK): The Stationery Office (TSO), 2019, 224 p.
8. ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection — Information security management systems — Requirements. Geneva: ISO/IEC, 2022.
9. ISO/IEC 27002:2022. Information security, cybersecurity and privacy protection — Code of practice for information security controls. Geneva: ISO/IEC, 2022.
10. NIST SP 800-53 Rev. 5. Security and Privacy Controls for Information Systems and Organizations. Gaithersburg, MD (USA): National Institute of Standards and Technology (NIST), 2020.
11. International Standard on Auditing (ISA) 315 (Revised 2019) Identifying and Assessing the Risks of Material Misstatement. IFAC, 2019.
12. International Standard on Auditing (ISA) 330 The Auditor’s Responses to Assessed Risks. IFAC, 2019.
