Information Technology Audit and The Practice of The Turkish Court of Accounts

Abstract

Prevalent use of information technologies in both private and public sector has brought not only opportunities but also various challenges in terms of security, confidentiality, reliability and integrity of information. By the same token, it has led to a fundamental change in the internal control environment and nature of audit evidence. Hence, it has become compulsory to design new audit procedures in order for successful implementation of audits. This study broadly defines information technology audit and provides a comprehensive explanation of the experiences of the Turkish Court of Accounts and recommendations for supreme audit institutions (SAI)

Keywords

• Information Technology Audit, Turkish Court of Accounts.

Bilişim Teknolojileri Denetimi ve Türk Sayıştayı Uygulaması

Öz

Bilişim teknolojilerinin kamu ve özel sektörde yoğun kullanımı, fırsatlarla birlikte bilginin güvenliği, gizliliği, güvenilirliği ve bütünlüğü hususlarında birtakım güçlükleri de beraberinde getirmiştir. Aynı şekilde, iç kontrol ortamı ve denetim kanıtının doğasında ciddi değişikliklere yol açmıştır. Bu nedenle, denetimlerin başarılı bir şekilde yürütülebilmesi için yeni denetim prosedürlerinin oluşturulması zorunlu hale gelmiştir. Bu çalışma, genel hatlarıyla bilişim teknolojileri denetimini açıklamakta ve Türk Sayıştayının deneyimleri hakkında ayrıntılı bir izahat ve yüksek denetim örgütleri (YDK) için öneriler ortaya koymaktadır.

Anahtar Kelimeler

• Bilişim Teknolojileri Denetimi, Türk Sayıştayı

References

1. Ahmet Topkaya, (2011) “Management of Information Technologies and Audit Principles”, Journal of External Audit: July, August, September 2011, No. 5, pp. 23-36.
2. Anantha S. Sayana, (2002) “The IS Audit Process”, ISACA Journal: 2002, No.1 http://www.isaca.org/Journal/PastIssues/2002/Volume-1/Pages/The-IS-Audit-Process.aspx (Accessed at 09.05.2014).
3. Dan Schroeder and Tommie Singleton, (2010) “Implementing the IT-Related Aspects of Risk-Based Auditing Standards” , The CPA Journal: July 2010, pp. 66-71.
4. Davut Ozkul, (2002) IS Audit, Unpublished Master Thesis, Ankara.
5. European Court of Auditors –ECA, (2011) “Guideline for Audit of IT Environment”, Luxembourg: ECA.
6. Gartner, (2012) “Gartner Says Worldwide IT Spending On Pace to Surpass $3.6 Trillion in 2012”, http://www.gartner.com/it/page.jsp?id=2074815, (Accessed at 27.11.2013).
7. General Accountability Office – GAO, (2009) “Federal Information System Controls Audit Manual”, USA: GAO, http://www.gao.gov/new.items/d09232g.pdf, (Accessed at 10.05.2014).
8. Gürkan Akbaş, (2011) “Important of Basic IT Audit within a Financial Audit”, Journal of External Audit: July, August, September 2011, No. 5, pp. 9-16.

9. Information Technology and Innovation Foundation - ITIF, (2008), “Why Is the Digital Information Revolution So Powerful?” http://www.itif.org/files/DQOL-1.pdf (Accessed at 01.12.2013).
10. International Organization of Supreme Audit Institutions - INTOSAI, (1996) “IT Controls Student Notes”, Vienna:INTOSAI. International Organization of Supreme Audit Institutions – INTOSAI, (2002) “Information Technology Audit General Principles”, Vienna: INTOSAI http://intosaiitaudit.org/India_GeneralPrinciples.pdf (Accessed at 01.12.2013).
11. International Organization of Supreme Audit Institutions – INTOSAI, (2007) “Introduction to IT Audit”, Vienna INTOSAI. ISACA, (2007) COBIT 4.1, USA:ISACA.
12. ISACA, (2010) CISA Review Manual 2010, USA:ISACA.
13. ISACA, (2012) “ISACA Glossary of Terms”, USA:ISACA.
14. ISACA, (2013) “A Professional Practices Framework for IS Audit/Assurance”, USA: ISACA.
15. Jagdish Pathak, (2005) Information Technology Auditing, Germany: Springer.
16. Musa Kayrak, (2012a) “Information Technology Audit in the Context of Information Criteria”, Journal of Turkish Court of Accounts: October-December 2011, No. 87, pp. 143-167.
17. Musa Kayrak, (2012b) “IT Audit Training Notes to the Assistant Auditors of the TCA”, Ankara: TCA.
18. National Audit Office – NAO, (2002) “Auditing in an IT Environment”, UK: NAO.
19. Office of the Comptroller & Auditor General of India, (2006) “Manual of Information Technology Audit- Volume I”, http://saiindia.gov.in/english/home/Our_Process/Audit_Methology/Manuals/ITAM%20Vol_I.pdf (Accessed at 09.05.2014). Peter Hinnsen, (2012) The New Normal, Belgium: MachMedia.
20. Provitivi, (2013) “Hot Topics in Public Company Transformation”, http://www.protiviti.com/en-US/Documents/WhitePapers/Risk-Solutions/PCT-IPO-Readiness-Key-Market-Research-Trends-Protiviti.pdf (Accessed at 30.11.2013).
21. Sandra Senft and Frederick Galleos, (2009) Information Technology and Control (Third Edition), NewYork: CRC Press.
22. Turkish Court of Accounts, - TCA, (2012) SAYCAP User Manual, Ankara:TCA.
23. Turkish Court of Accounts, - TCA, (2013a) Answers to IT as Enabler Questionnaire, EUROSAI ISSAP Working Group, Ankara.: TCA.
24. Turkish Court of Accounts - TCA, (2013b). “Regularity Audit Manual”, Ankara: TCA.
25. Yigal Rechtman, (2009) “Evaluating Software Risk as Part of a Financial Audit”, The CPA Journal: June 2009, pp.68-71.