The academic community holds that the evolution of audit models has progressed through four stages:transaction-based auditing,system-based auditing,tradi-tional risk-oriented auditing,and modern risk-oriented auditing.System-based auditing is just one of these stages.However,the evolution process of the core standards of risk-ori-ented auditing indicates that although the audit models have different names,they are es-sentially system-based auditing.The reason is that management and control are integ-rated,and the organizational management system is the internal control system,which is the only system operating within the organization.Apart from the internal control system,there are no other objects that can be audited.The operation of internal control system is divided into processes and results.Transaction-based auditing focuses on evaluating the control operation results.System-based auditing first understands and evaluates the con-trol operation processes before selectively testing the control operation results.Tradition-al risk-oriented auditing may seem to implement audit procedure around audit risks,but it is only a facade and still evaluates the control process and results.Although modem risk-oriented auditing adopts a top-down approach,evaluating overall level controls first and then evaluating business process level controls,it still evaluates internal control systems.Therefore,although the audit models have different names,they are all different manifest-ations of system-based auditing in specific contexts.
risk-oriented auditingsystem-based auditinginternal controlthe evalu-ation of internal controlsmanagement control integration
NETL
NSTL
万方数据
