To help determine whether a controls-reliant approach to auditing financial systems in a company should be used, which sequence of IS audit work is MOST appropriate?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The controls-reliant approach to auditing financial systems focuses on identifying and testing key controls within an organization's information systems to ensure the accuracy and completeness of financial information. In order to determine whether this approach is appropriate, an IS auditor should follow a specific sequence of audit work.
Option A, "Review of major financial applications followed by a review of IT governance processes," is not the most appropriate sequence because it assumes that IT governance processes are only relevant after the review of financial applications. However, IT governance is a crucial component of any controls-reliant approach and should be reviewed before or in parallel with the review of financial applications.
Option B, "Review of application controls followed by a test of key business process controls," is a more appropriate sequence. Application controls are designed to ensure the accuracy, completeness, and validity of financial data within specific applications, while business process controls are designed to ensure that key financial processes are performed correctly. By reviewing application controls first and then testing key business process controls, the auditor can determine whether the controls in place are sufficient to ensure the accuracy and completeness of financial information.
Option C, "Review of the general IS controls followed by a review of the application controls," is not the most appropriate sequence because it assumes that general IS controls are more important than application controls, which is not necessarily true. While general IS controls are important, they may not be directly relevant to the accuracy and completeness of financial information.
Option D, "Detailed examination of financial transactions followed by review of the general ledger," is not the most appropriate sequence because it assumes that the accuracy and completeness of financial information can be determined by examining individual transactions and the general ledger. While these are important components of financial systems, they do not necessarily reflect the effectiveness of controls within the system.
In conclusion, the most appropriate sequence of IS audit work to determine whether a controls-reliant approach to auditing financial systems in a company should be used is option B: "Review of application controls followed by a test of key business process controls." This sequence allows the auditor to determine whether the controls in place are sufficient to ensure the accuracy and completeness of financial information within specific applications and key financial processes.