the accumulation and evaluation of evidence about information to determine and report on the degreee of correspondence between the information and the establish criteria.
To Do An Audit, there must be
1. information in verifiable form
2. some standards (criteria) by which the auditor can evaluate the information
Any information used by the auditor to determine whether the information being audited is stated in accordance with the established criteria.
reflects the possibility that the information upon which the business risk decision was made was inaccurate.
Causes of Information Risk
1.Remoteness of Information
2.Biases and Motives of the Provider
3. Voluminous Data
4. Complex Exchange of Transactions
Remoteness of Information
Risk that involves information that is provided by others must be relied upon. When information is obtained from others, the likelihood of it being intentionally or unintentionally mistated increases
Biases and Motives of the Provider
Risk that involves information provided by someone whose goals are inconsistent with those of the decision maker, the information may be biased in favor of the provider
Risk that involves organizations becoming larger,so does the volume of their exchange transactions. This in/cr the liklihood that improperly recorded information is included in the records or buried in the large amt of information.