Majoring Manufacturing IS Audit

The world of information system audit has changed dramatically. Presently, more and
more companies are turning to information technology to achieve their business targets. These
systems are often, however, vulnerable to attacks, fraud, and corporate scandals. For this reason,
information system auditors are typically expected to have a full understanding of both manual
and automatic internal system control processes. It is also critical that the auditor exercises
independence of opinion and judgment. Further, both external and internal auditors are expected
to adhere to the five principles of COBIT 5 system framework of; meeting stakeholders needs,
covering the enterprise end-to-end, applying integrated systems, enabling holistic approach and
separating governance from management (Champlain, 2003).
The whole organizational structure of Major Manufacturing is flawed. From the basis of
appointing the board of directors to top management financial transaction and information
disclosure practices. The principles of the profession's code of conduct of an external system
auditor expect me to act with impartiality and without any undue external pressure or favoritism,
in evaluating and documenting audit review (Weber, 1998). Past work or personal relationship
with the companys staff should not in any way influence the process of examining the
management control of the information system infrastructure. To perform this duty of assessing
systems for defaults and flaws, an auditor is required to have full knowledge of the auditing
standards, procedures and policies.
The rules for conducting any information system audit are outlined in a clear and concise
term in different professional organizations such as the Institute of Internal Auditors, IIA, the
American Institute of Public Certified Accountants, AIPCA, ISACA and the US General
Accounting Office, GAO. Of most significance, in this case, is the Sarbanes-Oxley Act of 2002,

which prohibits a consultancy firm from performing an IT audit on a system for which it
currently offers consultancy services or that it is responsible for its installation (Champlain,
2003). GAO auditing standards explicitly require the auditor to obtain sufficient, relevant and
competent evidence that computer-processed data are being used are reliable and valid.
The proposed system audit will be conducted in a multi-phased process. Before the actual
exercise, the audit team will have to come up with a plan and schedule for the entire process.
Preliminary investigation and studies will be conducted, in which the audit team will meet the
management and staff of Major Manufacturing to get their suggestion, complaints, and opinions
about the system. This exercise will then be followed by a thorough testing and evaluation of the
system performance, security, and control. The outcome of this evaluation will then be
documented and presented first to the board and relevant regulatory bodies for verification, and
approval of the solid recommendations. If changes are made on the currently flawed system,
follow-ups, and continuous monitoring will be carried out to ensure that the system is efficient
and reliable (Champlain, 2003).
In todays IT audit world, integrity, transparency and independence are imperative, if not
compulsory. As an independent auditor, one is expected to be liberal minded and free from any
bias. A genuine and fair report of Major Manufacturing is very essential, to protected the
company from scandalous information and financial practices by unscrupulous employees. The
profession is also guided by various principles, policies, and legislations that every auditor is
required to follow and abide. Adherence to these set standards marks the foundation of an honest
audit review.

Reference
Weber, R. A. (1998). Information systems control and audit. Pearson Education.
Champlain, J. J. (2003). Auditing information systems. John Wiley & Sons.