Computer audit is a process of evaluating the effectiveness, confidentiality, integrity, reliability and availability of information systems. The process of computer audit usually includes the following steps:
1. Planning stage: At this stage, the auditor needs to know the business and technical environment of the audited system, evaluate the risks and make an audit plan. The audit plan shall include the scope, objectives, methods and timetable of the audit.
2. Control environment assessment: At this stage, auditors need to assess the control environment of the audited system, including management control, security control, application control and information technology infrastructure control. Auditors need to know the effectiveness and reliability of these controls to determine whether they can protect the information resources of the audited system.
3. Assess risk and internal control: At this stage, the auditor needs to assess the risk and internal control of the audited system. Risk assessment includes identifying potential threats and weaknesses, and evaluating the impact of these threats and weaknesses on the system. The evaluation of internal control includes determining the effectiveness and reliability of control, and evaluating whether these controls can prevent or discover potential threats and weaknesses.
4. Collecting evidence: At this stage, auditors need to collect evidence to evaluate the effectiveness, confidentiality, integrity, reliability and availability of the audited system. Evidence can include documents, records, reports, logs, emails, databases and other information resources. Auditors need to analyze and interpret the evidence and determine whether they support the audit conclusion.
5. Analysis and evaluation of evidence: At this stage, auditors need to analyze and evaluate the collected evidence to determine whether the audited system meets the expected standards and requirements. Auditors need to evaluate the reliability and validity of evidence and determine whether there are any potential problems or anomalies.
6. Write an audit report: At this stage, auditors need to write an audit report, including audit conclusions, findings, suggestions and suggested improvement measures. The audit report should be clear, accurate, operable and easy to understand, and should be customized according to the needs of the audience.
7. Tracking audit results: At this stage, auditors need to track audit results to ensure that audit recommendations and improvement measures have been implemented and achieved the expected results. Auditors need to keep in touch with the management of the audited system and other relevant parties, and conduct regular audit tracking and supervision.