Correct Answer Explanation:
In a CIS (Computer Information Systems) environment, the audit process is specifically focused on evaluating the controls and security measures related to information systems. Let’s delve into each option and explain why the given answer is correct:
a) The objective of expression of opinion on financial statements:
In a CIS environment, the primary focus is on information systems and technology-related controls rather than the traditional financial statement audit. Financial statement audits are concerned with the accuracy and reliability of financial information, which may not directly correlate with the evaluation of controls in a computer information systems context.
Therefore, the expression of opinion on financial statements is not a direct concern in a CIS audit.
In a CIS (Computer Information Systems) audit, the primary objective is to assess and ensure the integrity, confidentiality, and availability of information processed by information systems.
Unlike traditional financial statement audits, which focus on monetary transactions, a CIS audit is concerned with evaluating the controls and security measures that safeguard digital assets and data.
The expression of opinion on financial statements, as mentioned in option (a), is not the central goal in this context. Instead, the emphasis lies in scrutinizing the technological infrastructure, access controls, data encryption, and other IT-specific elements that contribute to the reliability of information systems.
Therefore, the correct answer, option (a), rightly identifies that the objective of expressing an opinion on financial statements is not a primary consideration in the unique landscape of a CIS audit.
Now, let’s examine why the other options are not correct:
b) Compliance procedures adopted by the auditor:
Compliance procedures are essential in various audits, including those related to information systems. In a CIS audit, auditors would assess compliance with relevant laws, regulations, and industry standards related to information security and data privacy.
Thus, compliance procedures are directly relevant to a CIS environment and would affect the audit.
c) Performance of substantive procedures:
Substantive procedures are crucial in audits to obtain evidence about the completeness, accuracy, and validity of information.
In a CIS audit, substantive procedures would be performed to ensure the effectiveness of controls in place and the accuracy of information processed by the information systems. Therefore, the performance of substantive procedures is relevant to a CIS audit.
The performance of substantive procedures is crucial in a CIS audit, as it involves rigorous testing to verify the accuracy and reliability of information processed by information systems.
These procedures help auditors ensure the effectiveness of controls, identify potential vulnerabilities, and confirm the integrity of digital data within the information system.
d) Evaluation of inherent risk and control risk:
Inherent risk and control risk are fundamental concepts in audit risk assessment. In a CIS environment, the evaluation of inherent risk (risk without considering controls) and control risk (risk that controls won’t prevent or detect material misstatements) is crucial for determining the overall audit risk.
Assessing these risks helps auditors tailor their audit procedures to address specific concerns in the context of information systems. Therefore, the evaluation of inherent risk and control risk is directly relevant to a CIS audit.
In summary, the correct answer is (a) because the expression of opinion on financial statements is not the primary objective of a CIS audit. The other options (b, c, and d) are directly relevant to a CIS audit as they involve procedures and assessments specific to information systems and technology controls.