Regulation 16 — REGULATIONS_AUDIT
Original Rule Text
16. Auditing in an Information Technology (IT) environment (1) Audits, whether financial, compliance or performance audits, are conducted increasingly in an IT environment today. Governments and other public sector entities have continuously adopted IT, in order to enhance efficiency and effectiveness in their functioning and delivery of various public services. IT has made it possible to capture, store, process, retrieve and deliver information electronically, and the delivery mode of public services is, in many cases, rapidly transitioning from physical to electronic.
(2) Audits in IT environment cover either or both of the following:
(i) Audit of IT systems or IT Audits
(ii) Financial, compliance or performance audits (or combined audits) using various IT tools for supporting the achievement of the audit objectives – also referred to as “IT assisted audits”.
(3) The broad principles of audit and requirement of access to data, information and documents as contained in these Regulations shall apply to auditing in an IT environment.
(4) Where the IT system with or used by the auditable entity is an end-to-end automated solution without significant offline/ manual documentation/ approvals, and controls for ensuring the integrity and non-repudiability of IT data is assessed by Audit to be adequate and effective, a significant proportion of audit may be conducted off-site; except with regard to outputs and outcomes, or as may be determined by Audit to be necessary for certain substantive checks in audit.