What is an IT Audit?

An information technology audit, or information systems audit, is an examination of the management controls within an Information Technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organisation’s goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

IT audits are also known as “automated data processing (ADP) audits” and “computer audits”. They were formerly called “electronic data processing (EDP) audits”.

An IT audit is different from a financial statement audit. While a financial audit’s purpose is to evaluate whether an organization is adhering to standard accounting practices, the purpose of an IT audit is to evaluate the system’s internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight.

Installing controls are necessary but not sufficient to provide adequate security. People responsible for security must consider if the controls are installed as intended, if they are effective in case any breach in security has occurred and, if so, what actions can be done to prevent future breaches. These enquiries must be answered by independent and unbiased observers. These observers are performing the task of information systems auditing. In an Information Systems (IS) environment, an audit is an examination of information systems, their inputs, outputs, and processing.

The primary function of an IT audit is to evaluate the systems that are in place to guard an organization’s information. Specifically, information technology audits are used to evaluate the organization’s ability to protect its information assets and properly dispense information to authorized parties.

WHY INTERNAL AUDIT? IS IT WORTH AN ADDITIONAL COST TO YOUR COMPANY?

In order to understand the term ‘Internal Audit’, lets first understand what an “Internal control system” is. Internal control system means the policies and procedures adopted by the management of an entity to assist in achieving management’s objective of ensuring orderly and efficient conduct of its business. It includes reliability of management policies, safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records and the timely preparation of reliable financial information.

Internal Audit is a function that constitutes a component of internal control with the objective of determining whether the internal controls are designed, managed and operated in the best possible manner.

Assessing and managing enterprise risks have become a primary concern for CFOs, Directors and audit committees. Stakeholders are increasingly demanding a higher degree of transparency and ethical behavior. In today’s global economy, organisations must be able to demonstrate that they have adequate controls and safeguards in place.

Consequently, organisations are introducing risk-based internal audit plans, which are designed to focus on critical areas. Managing loss potential, while consciously taking acceptable risks directly enables the management to provide fair returns on investment.

As Chartered Accountants, we are no longer expected and are limited for hazard avoidance or compliance of Companies’ policies. There is a need to demonstrate knowledge of risk management, business process improvement, which is a characteristic of a consultant rather than a classical internal auditor. We need to provide value-added support to management across all areas of operation, such as the Purchase-to-Pay process, possibilities, and limitations of the IT system being used, regulatory compliance, etc.

Potential benefits of Internal Audit include:

  • Gaining access and knowledge of highly skilled and experienced professionals within the relevant field
  • Timely and effective management of risk and hazards
  • Managing risk with a fresh perspective
  • Added level of scrutiny and caution in the organisation
  • Cost-benefit approach by reducing cost/overheads and managing the key ratios effectively
  • Reducing procedural complexity and participation in developing strategies and governance process

Internal Audit is no longer considered an additional cost to organisations. In fact, due to ease of business operations in UAE, it is crucial for the management to understand the risks and possible hazards, which are looking for an opportunity to pierce the shield of internal controls and paralyze the growth of any organisation. Stakeholders prefer to have a transparent approach by reviewing the internal audit reports submitted by experienced professionals.

Written by Nihar Kothari, Partner, Affiniax Partners

E-mail: nihar@affiniax.com

DLD and RERA Introduce New Service For Real Estate Stakeholders in Dubai

The Dubai Land Department (DLD), through the Real Estate Regulatory Agency (RERA), has launched an innovative electronic system called Mollak, an innovative, electronic web-based service developed by RERA for the purpose of registering Owners’ Associations and the Management Companies forming part of a Jointly Owned Property.

Mollak, which means “owner” in Arabic, is developed specifically to assist real estate stakeholders, including property developers, owners, investors, Owners Associations and Association Managers to comply with all RERA regulations and management requirements in a simple and organized manner. This is in line with the vision DLD has for Mollak, which is to position Dubai as the world’s premier real estate destination and a byword for innovation, trust and happiness.

Mollak simplifies the system of payments for Service Charges (also known as maintenance charges or operational charges for the Owners Association). The system will operate in a manner similar to the operation of an escrow account, increasing the convenience level exponentially in projects that have several different stakeholders.

The system also operates within the real estate unit owners’ database and the database of real estate units registered and approved by the DLD, where no user may change the data. These two functions operating in tandem will also allow DLD to quickly resolve several ownership disputes as they will be able to examine their own financial records regarding service or maintenance charges as well as the ownership database.

The system has already been through a highly successful pilot phase, wherein 468 bank accounts were successfully opened for project service charges, 88 management companies and 1,212 real estate projects were registered and approved by RERA, as well as 200,000 real estate units, comprising residential apartments, villas, offices and commercial shops.

The system seems on course to fulfil its mission of creating an innovative and sustainable real estate environment that will promote Dubai as the world’s happiest city through smart services, professional human and financial resources and integrated real estate legislation.

We, Affiniax Partners, are proud to be Registered Auditors for the Mollak System. To know more, please contact our Audit team at mail@affiniax.com