23.5 The Role of Auditing

	Organizations know that comprehensive and systematic audits enable information systems security and controls to be effective.
	An MIS audit examines the security environment of the firm in addition to control governing individual information systems and data quality.
	The auditor should work for tracing the sample transactions flow through the system, also for performing tests, using, if appropriate, automated audit software.
	Technologies, procedures, documentation, training, and personnel are reviewed by security audits.
	Even attack or disaster will be simulated through audit to test the response of the technology, information systems staff, and business employees.
	All control weakness are listed and ranked by audit, even the probability of their occurrence are estimated and that help firms for assessing the financial and impact of each threat as shown in figure 23.2

23.5 The Role of Auditing

Figure 23.2 Sample Auditor's List of Control Weaknesses

23.5 The Role of Auditing

	This figure is a sample page from a list of control weakness that an auditor might find in a loan system in a local commercial bank.
	This form helps auditors record and evaluate control weaknesses and shows the results of discussing those weaknesses with management, as well as corrective actions taken by management.