IT








            • When the auditor obtains an understanding of the entity’s control
                activities, ISA 315, par 21, stipulates that the auditor must ALSO

                obtain an understanding of how the entity responds to risks
                arising from information technology (IT), as the use of IT affects
                the way in which control activities are implemented.


            • From an audit perspective, controls over IT systems are effective
                when they maintain the integrity of information and the security

                of the data and include effective general and application
                controls.

            • These controls (general and application) may be manual and/or

                automated controls. For both manual and automated controls,
                you have to be comfortable with the theory on business cycles as
                discussed in chapters 10 to 14 of Auditing Notes.


            • It is important for you to familiarise yourself with ISA 315, par A60
                to A66. These paragraphs deal with the characteristics of manual
                and automated elements of internal control.