Share — Iraqi Digital Repository

دور المدقق في تقدير مخاطر التدقيق في ظل استعمال تقنية المعلومات بالتطبيق على مصرف الائتمان العراقي == The Role of Auditor in Assessing Audit Risks With the Use of Information Technology

Author name: سهاد صبيح فرج

Supervisor name: علي حسين علي الدوغجي

General topic: Administration and Economics

Specific topic: Accounting

Degree: Doctorate

University: University of Baghdad - Faculty Of Administration And Economics - Department Of Accounting

Language: Arabic

University location: Baghdad

First pages: 07T1669 - p.pdf

Abstract: The dissertation aims at studying and analyzing audit risks that influence the auditor’s responsibility when performing his auditory functions in an environment that relies on the information technology in performing the operating activities.The research has been based on a hypothesis which tells that the responsibility shouldered by the auditor requires that he defines the assessments of the audit risks in this environment.The researcher performs the applied part of the study in a private joint stock corporation. This part of the study is based on the analysis of the information technology risks and the assessment of the audit risks. This is done by means of an information survey gathering about the activities of the bank understudy. In addition to the procedures, instructions used by the bank to handle its transactions, an inquiry form prepared by the researcher about the applications of the information technology in the bank, and interviewing members of the staff of the information systems and internal control departments.The researcher arrives at a number of conclusions, the most important of which are : 1. From the perspective of the auditor, the controls of information technology systems are vital when they succeed in maintaining information integration with security of data they handle. The acquisition of reliable and proper information requires the availability of sundry varieties of controls that are performed to check theaccuracy and completeness of the transactions and their related authorization.2. There are a number of risks which are related to the reliance on the information technology. The most important among these risks are the risk of poor protection of hardware and software, the risk of weakening the ability of audit trail, the increase in the risk of structured errors vis - à - vis the risk of random errors, the risk of unauthorized access to main files and other records stored in an electronic format, and the increase in the risks of stealing the assets in the absence of suitable segregation and distribution of duties in an information technology environment.3. The absence of any clear - cut difference in the concept of the audit risks in manual and electronic processing alike.4. The fixity of the overall aim of auditing or its domain in the information technology environment. The purpose of auditing is still confined to obtaining a reasonable assertion of whether the financial statements are free from material misstatement so that the auditor will be able to state whether the preparation of these statements are consistent with the financial reporting being applied. The change in the creation, processing, and storage of data and financial information will surely influence adopted auditing procedures.The dissertation puts forward a number of recommendations, the most important of which are : 1. Assessing the information technology risks and the unauthorized access risks to the data and statements, the employment of more developed technologies in handling the bank activities and its control,in addition to assessing the risks of failure or breaking down of the information technology system.2. The auditor should exert more effort in the field of decreasing the auditing risks under the information technology system by means of using auditing methods that are consistent with the information technology of the economic entities.3. Developing an approach that is based on the analysis of the economic entity environment, defining the information technology risks, distributing it on internal control components, its analysis and assessment with the help of the model of information technology risks matrix, and the employment of auditing risks - related mathematical model to define the levels of auditing risks