Information systems necessitate a high degree of reliability and integrity considering the effect on decisions. This condition is a result of the frequent need to extract system-generated information as opposed to manually created information to aid in making business decisions. Hence, auditors need to convey timely opinions on both the quality of data and the information produced by systems utilizing digital processing techniques. Typically, analytical sampling procedures explore interrelationships and patterns of selected audit area items. As an IT auditor, data analysis software can is usable for performing audit sampling.
IT auditor audit evidence is collected, analyzed, interpreted, and documented to support audit results. Specifically, audit evidence endorses the unbiased basis for audit opinions, conclusions, and recommendations. Furthermore, evidence must meet the IT audit evaluation criterion of sufficiency, reliability, relevancy, and usefulness. Audit evidence persuasiveness evaluation is judged based on conditions – such as provider independence and supporting qualifications. The persuasiveness of audit evidence is particularly important when reaching assertion veracity conclusions.
Audit evidence sufficiency represents factual, adequate, and convincing information that a prudent and informed person would reach the same conclusion as the auditor. Reliable audit evidence requires information documented to be static when evaluated against audit objectives. Additionally, an IT auditor should attempt to obtain the best evidence available through appropriate audit techniques. Combined, if the auditor meets the reliability and best evidence requirements during an IT audit, evidence competency is attainable. Audit evidence relevancy requires information to support audit findings and recommendations as well as maintaining consistency with audit objectives. Useful audit evidence is information that assists the organization in meeting control objectives.