{"id":4084,"date":"2025-12-05T02:52:38","date_gmt":"2025-12-05T09:52:38","guid":{"rendered":"https:\/\/kiemtoan.man.net.vn\/?p=4084"},"modified":"2026-01-08T02:35:14","modified_gmt":"2026-01-08T09:35:14","slug":"kiem-toan-it-la-gi","status":"publish","type":"post","link":"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/","title":{"rendered":"What is IT auditing? Its role, objectives, and applications in accounting, auditing, and taxation."},"content":{"rendered":"<p><span style=\"font-weight: 400;\">IT auditing is the process of independently evaluating a company&#039;s IT systems, infrastructure, and operations. The goal is to ensure the system effectively protects assets, maintains the integrity and reliability of accounting data, operates according to established procedures, and adheres to business objectives. In the context of the digital economy, where all transactions and accounting records are conducted electronically, IT auditing becomes a crucial foundation, reinforcing stakeholder confidence in the accuracy and transparency of financial statements.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Practical application <\/span><a href=\"https:\/\/thuvienphapluat.vn\/van-ban\/Ke-toan-Kiem-toan\/Law-No-88-2015-QH13-on-accounting-299767.aspx\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Accounting Law 2015<\/span><\/a><span style=\"font-weight: 400;\">Regulations regarding electronic transactions and information security require organizations to have robust IT control systems. Weak controls can lead to data inaccuracies, asset losses, and tax risks. IT audits have become mandatory to assess the effectiveness of the design and operation of these controls. This activity helps organizations manage risks and ensure the accuracy of transactions and accounting data in the digital environment.<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Index<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Kiem_toan_IT_Dinh_nghia_ban_chat_va_vai_tro_vo_cung_quan_trong\" >IT Auditing: Definition, Nature, and Crucial Role<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Dinh_nghia_chinh_thuc_va_khai_niem_cot_loi_cua_kiem_toan_IT\" >The official definition and core concepts of IT auditing.<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Ban_chat_lien_nganh_Giao_thoa_giua_ke_toan_kiem_toan_va_cong_nghe\" >Interdisciplinary nature: The intersection of accounting, auditing, and technology.<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Tam_quan_trong_trong_boi_canh_chuyen_doi_so_va_tuan_thu_thue_dien_tu\" >The importance of digital transformation and electronic tax compliance in the context of digital transformation.<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Muc_tieu_va_pham_vi_chi_tiet_cua_kiem_toan_IT\" >The objectives and detailed scope of an IT audit.<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Muc_tieu_cot_loi_Bao_ve_dam_bao_va_tuan_thu_The_CIA_Triad_va_hon_the_nua\" >Core objective: Protection, assurance, and compliance (The CIA Triad and beyond)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Dam_bao_tinh_toan_ven_va_do_tin_cay_cua_du_lieu_ke_toan\" >Ensuring the integrity and reliability of accounting data.<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Pham_vi_kiem_toan_chi_tiet_co_so_ha_tang_ung_dung_du_lieu_van_hanh\" >Detailed audit scope (infrastructure, applications, data, operations)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Khuon_kho_phap_ly_va_tieu_chuan_ung_dung_cho_kiem_toan_IT_tai_Viet_Nam\" >Legal framework and application standards for IT auditing in Vietnam<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Cac_quy_dinh_phap_luat_Viet_Nam_lien_quan_den_kiem_toan_va_CNTT\" >Vietnamese legal regulations related to auditing and IT.<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Chuan_muc_quoc_te_va_khung_kiem_soat_chinh_thuc_COBIT_ISO_27001\" >International standards and formal control frameworks (COBIT, ISO 27001)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Vai_tro_cua_chuan_muc_kiem_toan_Viet_Nam_VSA_doi_voi_kiem_toan_IT\" >The role of Vietnamese Auditing Standards (VSA) in IT auditing.<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Quy_trinh_va_phuong_phap_luan_thuc_hien_kiem_toan_IT\" >Process and methodology for conducting IT audits.<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Giai_doan_1_Lap_ke_hoach_va_danh_gia_rui_ro_CNTT\" >Phase 1: IT Risk Planning and Assessment<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Giai_doan_2_Thuc_hien_thu_thap_va_phan_tich_bang_chung_kiem_toan\" >Phase 2: Collecting and analyzing audit evidence<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Ky_thuat_kiem_toan_bang_may_tinh_CAATs_va_ung_dung_cong_cu\" >Computerized Auditing Techniques (CAATs) and Tool Applications<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Giai_doan_3_Bao_cao_va_de_xuat_khuyen_nghi\" >Phase 3: Reporting and Recommendations<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Ung_dung_thuc_tien_cua_kiem_toan_cong_nghe_thong_tin_trong_nganh_ke_toan_%E2%80%93_kiem_toan_%E2%80%93_thue\" >Practical applications of IT auditing in the accounting, auditing, and tax sectors.<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Ung_dung_trong_kiem_toan_bao_cao_tai_chinh_kiem_soat_chung_CNTT_%E2%80%93_GCC\" >Applications in financial statement auditing (General Control of IT \u2013 GCC)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Danh_gia_kiem_soat_ung_dung_Application_Controls_va_tu_dong_hoa_ke_toan\" >Assessment of Application Controls and Accounting Automation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Tac_dong_den_cong_tac_quan_tri_thue_va_hoa_don_dien_tu_e-Tax\" >Impact on tax administration and electronic invoicing (e-Tax)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Vai_tro_cua_kiem_toan_IT_trong_phat_hien_gian_lan_ke_toan_Fraud_Detection\" >The role of IT auditing in detecting accounting fraud (Fraud Detection)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Thach_thuc_va_xu_huong_phat_trien_cua_kiem_toan_IT_trong_tuong_lai\" >Challenges and future trends in IT auditing.<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Thach_thuc_trong_moi_truong_dien_toan_dam_may_Cloud_Computing_va_tri_tue_nhan_tao_AI\" >Challenges in the Cloud Computing and Artificial Intelligence (AI) Environment<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Nhu_cau_ve_nguon_nhan_luc_kiem_toan_vien_IT_chat_luong_cao_CISA\" >The demand for high-quality IT auditors (CISA)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Tom_tat_kiem_soat_CNTT_trong_ke_toan\" >Summary of IT controls in accounting<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Ket_luan\" >Conclude<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Thong_tin_lien_he_dich_vu_tai_MAN_%E2%80%93_Master_Accountant_Network\" >Service contact information at MAN \u2013 Master Accountant Network<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#FAQ_%E2%80%93_Cau_hoi_thuong_gap_ve_kiem_toan_IT\" >FAQ \u2013 Frequently Asked Questions about IT Audits<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Kiem_toan_IT_khac_gi_so_voi_Kiem_toan_Bao_cao_Tai_chinh_truyen_thong\" >How does IT auditing differ from traditional financial statement auditing?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Doanh_nghiep_nao_can_thuc_hien_Kiem_toan_IT\" >Which businesses need to conduct IT audits?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Chung_chi_CISA_la_gi_va_co_vai_tro_nhu_the_nao_trong_Kiem_toan_IT\" >What is CISA certification and what is its role in IT auditing?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Cac_khuon_kho_kiem_soat_pho_bien_nhat_duoc_su_dung_trong_Kiem_toan_IT_la_gi\" >What are the most common control frameworks used in IT auditing?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Kiem_toan_IT_co_giup_phat_hien_gian_lan_ke_toan_khong\" >Can IT audits help detect accounting fraud?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/kiemtoan.man.net.vn\/en\/kiem-toan-it-la-gi\/#Kiem_toan_IT_xu_ly_thach_thuc_tu_Dien_toan_Dam_may_Cloud_nhu_the_nao\" >How do IT auditors address the challenges posed by Cloud Computing?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Kiem_toan_IT_Dinh_nghia_ban_chat_va_vai_tro_vo_cung_quan_trong\"><\/span><b>IT Auditing: Definition, Nature, and Crucial Role<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">IT auditing is an independent professional field that assesses the effectiveness and completeness of internal control systems related to IT, ensuring security, integrity, and legal compliance. Unlike traditional financial auditing, IT auditing delves into digital infrastructure, software applications, databases, and incident management processes. In the context of digital transformation and e-taxation, this type of audit helps businesses ensure data accuracy, reduce legal risks, protect digital assets, and improve internal governance efficiency.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dinh_nghia_chinh_thuc_va_khai_niem_cot_loi_cua_kiem_toan_IT\"><\/span><b>The official definition and core concepts of IT auditing.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">IT auditing is defined as an independent professional field focused on evaluating the adequacy, appropriateness, and effectiveness of internal IT-related control systems. The goal is to ensure these systems support the organization in achieving its security, integrity, availability, and compliance objectives.<\/span><\/p>\n<figure id=\"attachment_4088\" aria-describedby=\"caption-attachment-4088\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4088\" src=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Kiem-toan-IT_-Dinh-nghia-ban-chat-va-vai-tro-vo-cung-quan-trong.png\" alt=\"Ki\u1ec3m to\u00e1n IT_ \u0110\u1ecbnh ngh\u0129a, b\u1ea3n ch\u1ea5t v\u00e0 vai tr\u00f2 v\u00f4 c\u00f9ng quan tr\u1ecdng\" width=\"1200\" height=\"800\" srcset=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Kiem-toan-IT_-Dinh-nghia-ban-chat-va-vai-tro-vo-cung-quan-trong.png 1200w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Kiem-toan-IT_-Dinh-nghia-ban-chat-va-vai-tro-vo-cung-quan-trong-300x200.png 300w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Kiem-toan-IT_-Dinh-nghia-ban-chat-va-vai-tro-vo-cung-quan-trong-1024x683.png 1024w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Kiem-toan-IT_-Dinh-nghia-ban-chat-va-vai-tro-vo-cung-quan-trong-768x512.png 768w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Kiem-toan-IT_-Dinh-nghia-ban-chat-va-vai-tro-vo-cung-quan-trong-18x12.png 18w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-4088\" class=\"wp-caption-text\">IT Auditing: Definition, Nature, and Crucial Role<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">Auditors will examine everything from accounting software applications, databases, and networks, to incident and change management processes. Unlike traditional financial statement audits, IT audits delve into the digital foundation where economic transactions occur and are processed.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ban_chat_lien_nganh_Giao_thoa_giua_ke_toan_kiem_toan_va_cong_nghe\"><\/span><b>Interdisciplinary nature: The intersection of accounting, auditing, and technology.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">In the modern environment, the lines between accounting and IT systems have almost blurred. Electronic documents, electronic invoices, and online approval processes create a completely digitized data chain. Therefore, the accuracy of financial statements depends directly on the effectiveness of General IT Controls (GITCs) and Application Controls. IT auditing serves as the bridge to assess this close relationship.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">An IT audit assesses whether the system complies with Article 17 of the 2015 Accounting Law regarding the preparation of accounting documents, particularly electronic documents. IT auditors will examine controls on data storage (ensuring protection against alteration and loss), access controls (ensuring only authorized personnel are allowed to record transactions), and backup\/recovery controls. The results of an IT audit provide essential evidence for financial statement auditors to form an opinion on the fairness and accuracy of the financial statements.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tam_quan_trong_trong_boi_canh_chuyen_doi_so_va_tuan_thu_thue_dien_tu\"><\/span><b>The importance of digital transformation and electronic tax compliance in the context of digital transformation.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The importance of IT auditing is highlighted in the context of digital transformation, where data is considered a strategic asset. Electronic tax transactions and the use of electronic invoices are examples of this. <\/span><a href=\"https:\/\/thuvienphapluat.vn\/van-ban\/Ke-toan-Kiem-toan\/Nghi-dinh-123-2020-ND-CP-quy-dinh-hoa-don-chung-tu-445980.aspx\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Decree 123\/2020\/ND-CP<\/span><\/a><span style=\"font-weight: 400;\"> Circular 78\/2021\/TT-BTC and Circular 78\/2021\/TT-BTC are both based on IT platforms. System failures or errors can cause widespread mistakes, leading to serious legal and tax consequences.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Therefore, IT audits ensure that these systems not only function but also guarantee the authenticity, legality, and traceability of tax and accounting documents. Reliability in automated processes through IT audits helps businesses minimize the risk of penalties for tax violations. For public companies, transparency and data security through IT audits also contribute to improved corporate governance.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Muc_tieu_va_pham_vi_chi_tiet_cua_kiem_toan_IT\"><\/span><b>The objectives and detailed scope of an IT audit.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">IT audits provide a comprehensive assessment of IT systems, from infrastructure and applications to data and operations, to protect the security, integrity, and availability of financial information. Aimed at ensuring efficiency, legal compliance, and data reliability, IT audits focus on general controls, application controls, change management, data backup, and security. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">This activity is fundamental to reducing the risk of errors and fraud and ensuring that financial reports accurately reflect the actual situation, especially in the context of digital transformation and electronic accounting.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Muc_tieu_cot_loi_Bao_ve_dam_bao_va_tuan_thu_The_CIA_Triad_va_hon_the_nua\"><\/span><b>Core objective: Protection, assurance, and compliance (The CIA Triad and beyond)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The objectives of IT audits are often expanded from the three basic control objectives (CIA Triad): Confidentiality, Integrity, and Availability, along with objectives related to business processes and governance.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Confidentiality: Ensuring that information is only accessed by authorized individuals or systems. In accounting, this is extremely important for sensitive information such as salaries, expenses, or customer data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Integrity: Ensuring that data is accurate, complete, and reliable throughout its lifecycle. This directly impacts the reliability of financial statements.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Availability: Ensuring that the system and data can be accessed by legitimate users when needed. System disruptions can cause significant economic losses.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Effectiveness: Assessing whether the IT system effectively supports business and accounting objectives.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Compliance: Verifying compliance with internal and external regulations, including tax, accounting, and security laws. Compliance is the focus of any IT audit.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Dam_bao_tinh_toan_ven_va_do_tin_cay_cua_du_lieu_ke_toan\"><\/span><b>Ensuring the integrity and reliability of accounting data.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Data integrity is a vital element of accounting and auditing. IT auditing focuses on examining controls that ensure the completeness, accuracy, and timeliness of financial data. For example, it examines input controls such as sequence checks to ensure that no transactions are missed or duplicated.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Auditors will examine processing controls to ensure that accounting calculations and business logic are executed correctly by the system. This is especially important for complex transactions such as depreciation calculations, inventory valuation (FIFO\/Weighted Average), or VAT calculations. The assurance from IT auditors regarding data integrity is fundamental to minimizing the scope of substantive testing for financial statements.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Pham_vi_kiem_toan_chi_tiet_co_so_ha_tang_ung_dung_du_lieu_van_hanh\"><\/span><b>Detailed audit scope (infrastructure, applications, data, operations)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The scope of an IT audit is very broad, encompassing every component of the IT system.<\/span><\/p>\n<table style=\"width: 100%; border-style: solid; border-color: #000000;\" border=\"1\" cellspacing=\"2\" cellpadding=\"12\">\n<caption><b>Basic IT Audit Scope Classification Table<\/b><\/caption>\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><b>Auditing field<\/b><\/td>\n<td style=\"text-align: center;\"><b>Detailed Description<\/b><\/td>\n<td style=\"text-align: center;\"><b>Significant Risks Related to Accounting<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Infrastructure<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Evaluate network systems, servers, operating systems (OS), and storage devices. Inspect physical controls and security configurations.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">System outage (resulting in no transaction recording), Physical security vulnerability.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">General Application Controls (GITCs)<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Access Control, System Development and Maintenance (SDLC), Change Management, Backup\/Recovery.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Unauthorized alteration of accounting data, System errors due to uncontrolled changes, Loss of financial data.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Application Controls<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Input\/output control, processing control (automatic calculations), and task separation (SoD) in the software.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Discrepancies in transaction recording, fraud through modification of electronic documents.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Security and Data<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Evaluate security policies, password management, and encryption of sensitive data (such as customer information and payroll details).<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Violation of Information Security Regulations, Disclosure of Sensitive Business Information.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Operations<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Incident Management assessment, data center operations, business continuity planning (BCP), and disaster recovery (DRP).<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Interruption of accounting operations, inability to complete the closing period.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">Within the GITCs framework, IT audits must focus particularly on the Change Management process. According to auditing standards, any change to the core accounting system, however small, must be tightly controlled. A lack of control in this process is a common cause of errors and fraud in financial information systems.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Khuon_kho_phap_ly_va_tieu_chuan_ung_dung_cho_kiem_toan_IT_tai_Viet_Nam\"><\/span><b>Legal framework and application standards for IT auditing in Vietnam<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">IT auditing activities in Vietnam are based on both domestic legal frameworks and international standards. The Accounting Law 2015, the Electronic Transactions Law, Decree 85\/2016\/ND-CP, and Circular 78\/2021\/TT-BTC provide the legal basis for auditing electronic documents, accounting data, and electronic invoices. Simultaneously, COBIT, ISO 27001, and ITIL provide international standards for evaluating the effectiveness of IT control, security, and operations. IT auditing also supports the implementation of VSA 315 and VSA 330, helping financial statement auditors assess risks and ensure sufficient and accurate audit evidence.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cac_quy_dinh_phap_luat_Viet_Nam_lien_quan_den_kiem_toan_va_CNTT\"><\/span><b>Vietnamese legal regulations related to auditing and IT.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Vietnam has issued many important legal documents that provide a basis for IT auditing activities:<\/span><\/p>\n<figure id=\"attachment_4086\" aria-describedby=\"caption-attachment-4086\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4086\" src=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Khuon-kho-phap-ly-va-tieu-chuan-ung-dung-cho-kiem-toan-IT-tai-Viet-Nam.png\" alt=\"Khu\u00f4n kh\u1ed5 ph\u00e1p l\u00fd v\u00e0 ti\u00eau chu\u1ea9n \u1ee9ng d\u1ee5ng cho ki\u1ec3m to\u00e1n IT t\u1ea1i Vi\u1ec7t Nam\" width=\"1200\" height=\"800\" srcset=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Khuon-kho-phap-ly-va-tieu-chuan-ung-dung-cho-kiem-toan-IT-tai-Viet-Nam.png 1200w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Khuon-kho-phap-ly-va-tieu-chuan-ung-dung-cho-kiem-toan-IT-tai-Viet-Nam-300x200.png 300w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Khuon-kho-phap-ly-va-tieu-chuan-ung-dung-cho-kiem-toan-IT-tai-Viet-Nam-1024x683.png 1024w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Khuon-kho-phap-ly-va-tieu-chuan-ung-dung-cho-kiem-toan-IT-tai-Viet-Nam-768x512.png 768w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Khuon-kho-phap-ly-va-tieu-chuan-ung-dung-cho-kiem-toan-IT-tai-Viet-Nam-18x12.png 18w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-4086\" class=\"wp-caption-text\">Legal framework and application standards for IT auditing in Vietnam<\/figcaption><\/figure>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The 2015 Accounting Law, in particular, stipulates that accounting documents, ledgers, and financial reports must be prepared and stored electronically. This requires IT auditors to verify the legality and reliability of digitized documents.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Electronic Transactions Act 2005: Provides a legal framework for the value of data messages, serving as the basis for determining the validity of electronic documents generated by accounting systems.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Decree 85\/2016\/ND-CP (on ensuring information system security according to levels): Defines technical and management requirements for information security, which is a core criterion for IT audits to assess compliance.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Circular 78\/2021\/TT-BTC (on electronic invoices): Requires the system to ensure the integrity, security, and ability to store electronic invoices for the specified period. This is a mandatory IT audit area.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Referencing these laws in an IT audit report enhances the legal validity and weight of the recommendations, especially when those recommendations relate to improving controls to avoid administrative violations in accounting or taxation.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Chuan_muc_quoc_te_va_khung_kiem_soat_chinh_thuc_COBIT_ISO_27001\"><\/span><b>International standards and formal control frameworks (COBIT, ISO 27001)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">In practice, professional IT auditors typically rely on globally recognized international standards and frameworks to conduct their assessments.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">COBIT (Control Objectives for Information and Related Technologies): This is the most popular framework for enterprise IT governance and management, developed by ISACA. COBIT 2019 provides a comprehensive set of control objectives that IT auditors use to evaluate the design and operation of GITCs. COBIT is considered the backbone of all IT audits of internal controls.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ISO\/IEC 27001 (Information Security Management System \u2013 ISMS): This framework focuses on establishing, implementing, maintaining, and continuously improving an information security management system. When conducting an IT security audit, auditors typically compare a company&#039;s current controls with the controls listed in ISO 27002 (code of practice).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ITIL (Information Technology Infrastructure Library): Focuses on IT service management. Auditors use ITIL to evaluate the effectiveness of IT operational processes, such as incident management, problem management, and change management.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Vai_tro_cua_chuan_muc_kiem_toan_Viet_Nam_VSA_doi_voi_kiem_toan_IT\"><\/span><b>The role of Vietnamese Auditing Standards (VSA) in IT auditing.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Although VSAs are not specialized IT standards, they still play a guiding role:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">VSA 315 (Identifying and Assessing Risks of Material Misconduct Through Understanding the Entity and its Environment): Requires auditors to understand the client&#039;s IT environment to identify and assess risks. This forces financial statement auditors to utilize their knowledge or expertise in IT auditing to complete VSA 315.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">VSA 330 (Auditor&#039;s Remedies for Assessed Risks): If IT controls are assessed as effective, the auditor may minimize substantive testing and rely on control testing. Conversely, if the IT audit indicates weak controls, the scope of substantive testing must be significantly expanded.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">IT auditing plays a crucial role in gathering evidence regarding internal controls to meet VSA requirements, ensuring the completeness and appropriateness of audit evidence.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Quy_trinh_va_phuong_phap_luan_thuc_hien_kiem_toan_IT\"><\/span><b>Process and methodology for conducting IT audits.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The process of conducting a professional IT audit typically follows standard stages, ensuring systematic and objective execution.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giai_doan_1_Lap_ke_hoach_va_danh_gia_rui_ro_CNTT\"><\/span><b>Phase 1: IT Risk Planning and Assessment<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The first and most important step in an IT audit is planning, which begins with understanding the IT environment and assessing the risks.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Understanding the IT environment: Gather information about the IT organizational structure, key applications (especially ERP and accounting systems), network infrastructure, and current policies and procedures.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">IT Risk Assessment: Identify potential threats and vulnerabilities that could affect the objectives of the financial information system. Classify risks by materiality level (high, medium, low). Common risks include unauthorized access, uncontrolled change, and data loss.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Establishing Scope and Objectives: Based on the risk assessment, clearly define the specific systems, processes, and controls that will be included within the IT audit scope. For example, if the Change Management risk is high, the audit focus will be on this process.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Giai_doan_2_Thuc_hien_thu_thap_va_phan_tich_bang_chung_kiem_toan\"><\/span><b>Phase 2: Collecting and analyzing audit evidence<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">This is the implementation phase, where IT auditors conduct audit procedures.<\/span><\/p>\n<figure id=\"attachment_4089\" aria-describedby=\"caption-attachment-4089\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4089\" src=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Quy-trinh-va-phuong-phap-luan-thuc-hien-kiem-toan-IT.png\" alt=\"Quy tr\u00ecnh v\u00e0 ph\u01b0\u01a1ng ph\u00e1p lu\u1eadn th\u1ef1c hi\u1ec7n ki\u1ec3m to\u00e1n IT\" width=\"1200\" height=\"800\" srcset=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Quy-trinh-va-phuong-phap-luan-thuc-hien-kiem-toan-IT.png 1200w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Quy-trinh-va-phuong-phap-luan-thuc-hien-kiem-toan-IT-300x200.png 300w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Quy-trinh-va-phuong-phap-luan-thuc-hien-kiem-toan-IT-1024x683.png 1024w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Quy-trinh-va-phuong-phap-luan-thuc-hien-kiem-toan-IT-768x512.png 768w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Quy-trinh-va-phuong-phap-luan-thuc-hien-kiem-toan-IT-18x12.png 18w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-4089\" class=\"wp-caption-text\">Process and methodology for conducting IT audits.<\/figcaption><\/figure>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Interviews: Interview IT personnel and end users to gain a thorough understanding of the actual process.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Observation: Observe activities such as data backup procedures and physical access control to the server room.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Document review: Examine policy documents, procedures, system log files, and change management reports.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tests of Controls: Design Effectiveness Test: Determines whether the control is appropriately designed to prevent or detect the risk; Operating Effectiveness Test: Verifyes whether the control has been operated effectively and consistently throughout the audit period.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Ky_thuat_kiem_toan_bang_may_tinh_CAATs_va_ung_dung_cong_cu\"><\/span><b>Computerized Auditing Techniques (CAATs) and Tool Applications<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">CAATs (Computer-Assisted Audit Techniques) are tools and techniques used by IT auditors to collect data, analyze information, and test automated controls.<\/span><\/p>\n<table style=\"width: 100%; border-style: solid; border-color: #000000;\" border=\"1\" cellspacing=\"2\" cellpadding=\"12\">\n<caption><b>Summary table of examples of applying CAATs techniques in IT auditing.<\/b><\/caption>\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><b>CAATs technique<\/b><\/td>\n<td style=\"text-align: center;\"><b>Main Purpose<\/b><\/td>\n<td style=\"text-align: center;\"><b>Applications in Accounting\/Auditing<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Data Analysis Software<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Analyze the entire dataset (100% transactions) to identify anomalies or fraudulent patterns.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Look for unusually large transactions, deals approved outside of business hours, and check the completeness of invoice numbers.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Test Data<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Run test data (e.g., invoices with invalid product codes, incorrect dates) through the system to see if application controls are working.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Confirm that the system rejects transactions that do not meet the pre-programmed input controls.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Embedded Audit Modules<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Install modules into the production system to automatically record high-risk transactions.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Continuously monitor transactions made by privileged users or transactions exceeding threshold values.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Create Control Flowcharting<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Use software to create automated process flowcharts within the system.<\/span><\/td>\n<td style=\"text-align: center;\"><span style=\"font-weight: 400;\">Understanding the accounting system&#039;s processing logic is crucial for identifying weaknesses in control mechanisms.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">Using CAATs helps increase the effectiveness of IT audits and ensures that a wide range of electronic data is assessed.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giai_doan_3_Bao_cao_va_de_xuat_khuyen_nghi\"><\/span><b>Phase 3: Reporting and Recommendations<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The results of an IT audit are compiled into an Audit Report. This report should not only list the findings but also provide practical and highly feasible recommendations.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Findings: Detailed description of weaknesses in internal controls, including identified IT risks. For example: \u201cSystem change controls did not require prior approval from business users before deployment, violating the Change Management policy.\u201d<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Impact: Explain the potential consequences of the findings, particularly the impact on the integrity of accounting data and the ability to comply with the law.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Recommendations: Suggest specific actions to address weaknesses. For example: \u201cRequest the IT department to revise the Change Management process to include an automatic Chief Accountant approval step for all changes affecting financial data.\u201d<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Ung_dung_thuc_tien_cua_kiem_toan_cong_nghe_thong_tin_trong_nganh_ke_toan_%E2%80%93_kiem_toan_%E2%80%93_thue\"><\/span><b>Practical applications of IT auditing in the accounting, auditing, and tax sectors.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">IT auditing is a key element in accounting, auditing, and taxation, ensuring the accuracy, integrity, and legal compliance of financial data. This activity assesses overall IT control, application control, accounting automation, and electronic invoicing, helping to reduce the risk of errors, optimize financial statement testing, and ensure compliance with electronic tax regulations. Simultaneously, IT auditing detects fraud through the analysis of authorizations, system logs, and transaction data, becoming a crucial line of defense protecting assets, reputation, and improving corporate governance.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ung_dung_trong_kiem_toan_bao_cao_tai_chinh_kiem_soat_chung_CNTT_%E2%80%93_GCC\"><\/span><b>Applications in financial statement auditing (General Control of IT \u2013 GCC)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">For financial statement auditors, the results of the IT audit regarding General Computer Controls (GCCs) are the basis for deciding on the audit approach. GCCs include controls on Logical Access, Change Management, and System Development.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If the IT Audit confirms that the GCCs are operating effectively (e.g., only authorized personnel can access the system; all changes are fully tested and approved), the auditor may:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Minimize basic testing: Rely on automated application checks instead of manually testing numerous transactions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Increased confidence: Having a reliable basis for the data output from the system reduces audit risk.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Conversely, if GCCs are weak, auditors are forced to consider the system unreliable and must perform extensive, time-consuming, and costly substantive testing. IT audits provide evidence to justify this decision.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Danh_gia_kiem_soat_ung_dung_Application_Controls_va_tu_dong_hoa_ke_toan\"><\/span><b>Assessment of Application Controls and Accounting Automation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Application controls are pre-programmed controls within accounting software (e.g., ERP, sales software). IT audits evaluate three main types of application controls:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Input control: Ensure that data is entered accurately and completely. For example, the system should not allow the entry of transaction dates that are later than the current date.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Processing control: Ensuring data is processed accurately. For example, automatically calculating VAT based on a registered tax identification number.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Output control: Ensure that the output (reports, prints) is accurate and delivered to the right people. For example, payroll reports should only be printed after approval.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">IT audits utilize test data techniques to verify the functionality of these application controls. This ensures the accuracy of automated accounting entries, thereby significantly reducing the risk of errors in financial statements.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tac_dong_den_cong_tac_quan_tri_thue_va_hoa_don_dien_tu_e-Tax\"><\/span><b>Impact on tax administration and electronic invoicing (e-Tax)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">In the era of e-taxation, the use of electronic invoices is mandatory. IT audits play a crucial role in protecting businesses from tax compliance risks.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Invoice integrity: Verify that the storage system ensures that electronic invoices are not altered after being digitally signed and submitted to the tax authorities (Compliance with Article 7, Decree 123\/2020\/ND-CP).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Transmission security: Assessing security controls during the connection process with the General Department of Taxation&#039;s portal.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data storage: Verify the ability to retrieve and store electronic invoices for the prescribed period (usually 10 years according to the Accounting Law).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">By strengthening IT controls through IT audits, businesses can be more confident in complying with complex e-tax regulations and minimize the possibility of penalties.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Vai_tro_cua_kiem_toan_IT_trong_phat_hien_gian_lan_ke_toan_Fraud_Detection\"><\/span><b>The role of IT auditing in detecting accounting fraud (Fraud Detection)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Fraud is often perpetrated by exploiting vulnerabilities in IT systems. IT audits help detect fraud by:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">SoD (Segregation of Duties) Check: Analyzes user permissions within the accounting system to determine if anyone has sufficient authority to execute, record, and approve a transaction (e.g., creating a new supplier and approving payment to that supplier).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">System log analysis: Using analytical tools to look for unusual activity (e.g., accessing data outside of business hours, repeated failed access attempts).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data Forensics: Applying CAATs techniques to analyze entire transaction data, searching for patterns of fraud (e.g., Benford&#039;s Law algorithm to check the distribution of the first digit).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">IT auditing is an advanced line of defense that helps companies detect and prevent fraud in a timely manner, protecting assets and reputation.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Thach_thuc_va_xu_huong_phat_trien_cua_kiem_toan_IT_trong_tuong_lai\"><\/span><b>Challenges and future trends in IT auditing.<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">IT auditing faces challenges from cloud computing and AI, as many controls are vendor-centric and the transparency and accuracy of AI models need to be assessed. The demand for IT auditors skilled in both technical and accounting\/tax expertise is increasing. This work involves examining critical controls such as logical access, change management, backup and recovery, task separation, and network security, ensuring accounting data is safe, accurate, and compliant with the law.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Thach_thuc_trong_moi_truong_dien_toan_dam_may_Cloud_Computing_va_tri_tue_nhan_tao_AI\"><\/span><b>Challenges in the Cloud Computing and Artificial Intelligence (AI) Environment<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The shift to Cloud Computing poses a significant challenge for IT Auditors. In the Cloud model, much of the physical and general control (such as infrastructure management) is transferred to the Cloud Service Provider (CSP).<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Scope of audit: Auditors cannot directly inspect data centers. They must rely on Service Organization Control (SOC) reports from CSPs.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data compliance: Ensure that accounting data stored on the Cloud complies with Vietnamese law regarding geographical data storage locations. IT auditors need in-depth knowledge of Cloud Service Agreements (SLAs) and Cloud security standards (such as CSA \u2013 Cloud Security Alliance).<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The emergence of AI and Machine Learning in business processes (e.g., AI automatically classifying invoices, suggesting accounting entries) also requires IT auditors to develop new evaluation methodologies. It is necessary to ensure the transparency, interpretability, and bias of these AI models.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Nhu_cau_ve_nguon_nhan_luc_kiem_toan_vien_IT_chat_luong_cao_CISA\"><\/span><b>The demand for high-quality IT auditors (CISA)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The demand for highly qualified IT auditors is increasing. Big 4 auditing firms and large businesses all need individuals with professional certifications, especially the CISA (Certified Information Systems Auditor) certification from ISACA.<\/span><\/p>\n<figure id=\"attachment_4090\" aria-describedby=\"caption-attachment-4090\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4090\" src=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Thach-thuc-va-xu-huong-phat-trien-cua-kiem-toan-IT-trong-tuong-lai.png\" alt=\"Th\u00e1ch th\u1ee9c v\u00e0 xu h\u01b0\u1edbng ph\u00e1t tri\u1ec3n c\u1ee7a ki\u1ec3m to\u00e1n IT trong t\u01b0\u01a1ng lai\" width=\"1200\" height=\"800\" srcset=\"https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Thach-thuc-va-xu-huong-phat-trien-cua-kiem-toan-IT-trong-tuong-lai.png 1200w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Thach-thuc-va-xu-huong-phat-trien-cua-kiem-toan-IT-trong-tuong-lai-300x200.png 300w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Thach-thuc-va-xu-huong-phat-trien-cua-kiem-toan-IT-trong-tuong-lai-1024x683.png 1024w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Thach-thuc-va-xu-huong-phat-trien-cua-kiem-toan-IT-trong-tuong-lai-768x512.png 768w, https:\/\/kiemtoan.man.net.vn\/wp-content\/uploads\/2025\/12\/Thach-thuc-va-xu-huong-phat-trien-cua-kiem-toan-IT-trong-tuong-lai-18x12.png 18w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-4090\" class=\"wp-caption-text\">Challenges and future trends in IT auditing.<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">IT auditors need not only technical knowledge but also a thorough understanding of accounting, tax, and business processes. They are individuals who are capable of:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cross-departmental communication: Engage with both the Chief Financial Officer (CFO) and the Chief Technology Officer (CIO) to propose comprehensive control solutions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Applying the control framework: Master COBIT and ISO 27001 to implement IT audit procedures according to standards.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Investing in training and developing an IT audit team is a vital strategy for any organization that wants to manage risk in the digital environment.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tom_tat_kiem_soat_CNTT_trong_ke_toan\"><\/span><b>Summary of IT controls in accounting<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">To get a clearer picture, consider the aspects that an IT audit must cover:<\/span><\/p>\n<table style=\"width: 100%; border-style: solid; border-color: #000000;\" border=\"1\" cellspacing=\"2\" cellpadding=\"12\">\n<caption><b>Summary table of control areas and their relationship to accounting data.<\/b><\/caption>\n<tbody>\n<tr>\n<td style=\"text-align: center; width: 27.5551%;\"><b>Control Area<\/b><\/td>\n<td style=\"text-align: center; width: 27.1543%;\"><b>Target Control<\/b><\/td>\n<td style=\"text-align: center; width: 44.489%;\"><b>Impact on Accounting Data<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center; width: 27.5551%;\"><span style=\"font-weight: 400;\">Logical Access Control<\/span><\/td>\n<td style=\"text-align: center; width: 27.1543%;\"><span style=\"font-weight: 400;\">User access control, strong password policy<\/span><\/td>\n<td style=\"text-align: center; width: 44.489%;\"><span style=\"font-weight: 400;\">Prevent unauthorized modification of accounting records and electronic documents.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center; width: 27.5551%;\"><span style=\"font-weight: 400;\">Change Management<\/span><\/td>\n<td style=\"text-align: center; width: 27.1543%;\"><span style=\"font-weight: 400;\">Procedures for checking, approving, and recording system changes.<\/span><\/td>\n<td style=\"text-align: center; width: 44.489%;\"><span style=\"font-weight: 400;\">Ensure the continuity of the accounting system and avoid errors caused by uncontrolled software updates.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center; width: 27.5551%;\"><span style=\"font-weight: 400;\">Backup and Restore<\/span><\/td>\n<td style=\"text-align: center; width: 27.1543%;\"><span style=\"font-weight: 400;\">Regularly back up your data and test for disaster recovery.<\/span><\/td>\n<td style=\"text-align: center; width: 44.489%;\"><span style=\"font-weight: 400;\">Ensure the availability and integrity of accounting data after an incident.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 27.5551%; text-align: center;\"><span style=\"font-weight: 400;\">Task Breakdown (SoD)<\/span><\/td>\n<td style=\"width: 27.1543%; text-align: center;\"><span style=\"font-weight: 400;\">Controlling overlapping authority within the system.<\/span><\/td>\n<td style=\"width: 44.489%; text-align: center;\"><span style=\"font-weight: 400;\">Preventing accounting fraud through collusion or abuse of power.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 27.5551%; text-align: center;\"><span style=\"font-weight: 400;\">Network Control<\/span><\/td>\n<td style=\"width: 27.1543%; text-align: center;\"><span style=\"font-weight: 400;\">Firewall, Intrusion Detection System (IDS\/IPS)<\/span><\/td>\n<td style=\"width: 44.489%; text-align: center;\"><span style=\"font-weight: 400;\">Protect the confidentiality and integrity of accounting information from external threats.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">IT auditors must gather sufficient evidence to conclude on the effectiveness of each of these control areas during their IT audit.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ket_luan\"><\/span><b>Conclude<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">IT auditing is a crucial part of modern financial statement auditing, ensuring the transparency, accuracy, and legal compliance of digitized accounting data. It&#039;s a process of assessing financial and business risks from the technological environment, going beyond simply examining computers or networks. Professional IT audit reports provide insightful information into internal control gaps, helping to protect assets, improve operational efficiency, and strengthen investor confidence.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Improve financial management efficiency and legal compliance with <\/span><a href=\"https:\/\/man.net.vn\/dich-vu-kiem-toan\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">auditing services<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/thue.man.net.vn\/dich-vu-ke-toan-thue-tron-goi\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">full-service tax accounting<\/span><\/a><span style=\"font-weight: 400;\"> From MAN \u2013 Master Accountant Network. We provide comprehensive solutions: tax audits, financial reporting, cost management consulting, and tax compliance optimization. With a team of experienced professionals, MAN helps businesses review and optimize costs, prevent legal risks, and confidently face any audit. Our in-depth training courses and specialized workshops equip you with practical knowledge, enhancing your financial management and tax accounting capabilities.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Thong_tin_lien_he_dich_vu_tai_MAN_%E2%80%93_Master_Accountant_Network\"><\/span><b>Service contact information at MAN \u2013 Master Accountant Network<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Address: No. 19A, Street 43, Tan Thuan Ward, Ho Chi Minh City<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mobile\/Zalo: 0903 963 163 \u2013 0903 428 622<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Email: man@man.net.vn<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Content production by: Mr. <\/span><a href=\"https:\/\/man.net.vn\/le-hoang-tuyen\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Le Hoang Tuyen<\/span><\/a><span style=\"font-weight: 400;\"> \u2013 Founder &amp; CEO MAN \u2013 Master Accountant Network, Vietnamese CPA Auditor with over 30 years of experience in Accounting, Auditing and Financial Consulting.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"FAQ_%E2%80%93_Cau_hoi_thuong_gap_ve_kiem_toan_IT\"><\/span><b>FAQ \u2013 Frequently Asked Questions about IT Audits<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n        <section class=\"sc_fs_faq sc_card\">\n            <div>\n\t\t\t\t<h3><span class=\"ez-toc-section\" id=\"Kiem_toan_IT_khac_gi_so_voi_Kiem_toan_Bao_cao_Tai_chinh_truyen_thong\"><\/span>How does IT auditing differ from traditional financial statement auditing?<span class=\"ez-toc-section-end\"><\/span><\/h3>                <div>\n\t\t\t\t\t                    <p>\n\t\t\t\t\t\tIT audits assess the IT control system as the foundation for data production, unlike traditional financial statement audits which focus on the accuracy of the financial figures already generated.                    <\/p>\n                <\/div>\n            <\/div>\n        <\/section>\n\t\t        <section class=\"sc_fs_faq sc_card\">\n            <div>\n\t\t\t\t<h3><span class=\"ez-toc-section\" id=\"Doanh_nghiep_nao_can_thuc_hien_Kiem_toan_IT\"><\/span>Which businesses need to conduct IT audits?<span class=\"ez-toc-section-end\"><\/span><\/h3>                <div>\n\t\t\t\t\t                    <p>\n\t\t\t\t\t\tEvery business that uses IT to process critical financial transactions needs an IT audit, especially companies with complex ERP systems, large volumes of electronic transactions, or those subject to strict legal regulation.                    <\/p>\n                <\/div>\n            <\/div>\n        <\/section>\n\t\t        <section class=\"sc_fs_faq sc_card\">\n            <div>\n\t\t\t\t<h3><span class=\"ez-toc-section\" id=\"Chung_chi_CISA_la_gi_va_co_vai_tro_nhu_the_nao_trong_Kiem_toan_IT\"><\/span>What is CISA certification and what is its role in IT auditing?<span class=\"ez-toc-section-end\"><\/span><\/h3>                <div>\n\t\t\t\t\t                    <p>\n\t\t\t\t\t\tCISA (Certified Information Systems Auditor) is the most prestigious international certification, certifying that professionals possess the knowledge and skills to assess, design, control, and ensure the compliance of IT systems.                    <\/p>\n                <\/div>\n            <\/div>\n        <\/section>\n\t\t        <section class=\"sc_fs_faq sc_card\">\n            <div>\n\t\t\t\t<h3><span class=\"ez-toc-section\" id=\"Cac_khuon_kho_kiem_soat_pho_bien_nhat_duoc_su_dung_trong_Kiem_toan_IT_la_gi\"><\/span>What are the most common control frameworks used in IT auditing?<span class=\"ez-toc-section-end\"><\/span><\/h3>                <div>\n\t\t\t\t\t                    <p>\n\t\t\t\t\t\tThe main frameworks include COBIT (for IT Governance and Management) and ISO\/IEC 27001 (for Information Security Management Systems).                    <\/p>\n                <\/div>\n            <\/div>\n        <\/section>\n\t\t        <section class=\"sc_fs_faq sc_card\">\n            <div>\n\t\t\t\t<h3><span class=\"ez-toc-section\" id=\"Kiem_toan_IT_co_giup_phat_hien_gian_lan_ke_toan_khong\"><\/span>Can IT audits help detect accounting fraud?<span class=\"ez-toc-section-end\"><\/span><\/h3>                <div>\n\t\t\t\t\t                    <p>\n\t\t\t\t\t\tYes, IT audits help detect fraud by analyzing user authorizations (SoDs) and using advanced data analysis techniques (CAATs) to look for unusual transactions.                    <\/p>\n                <\/div>\n            <\/div>\n        <\/section>\n\t\t        <section class=\"sc_fs_faq sc_card\">\n            <div>\n\t\t\t\t<h3><span class=\"ez-toc-section\" id=\"Kiem_toan_IT_xu_ly_thach_thuc_tu_Dien_toan_Dam_may_Cloud_nhu_the_nao\"><\/span>How do IT auditors address the challenges posed by Cloud Computing?<span class=\"ez-toc-section-end\"><\/span><\/h3>                <div>\n\t\t\t\t\t                    <p>\n\t\t\t\t\t\tIT auditors address the Cloud challenge by evaluating the Service Provider&#039;s SOC (Internal Audit) Report and reviewing compliance clauses in the SLA contract.                    <\/p>\n                <\/div>\n            <\/div>\n        <\/section>\n\t\t\n<script type=\"application\/ld+json\">\n    {\n\t\t\"@context\": \"https:\/\/schema.org\",\n\t\t\"@type\": \"FAQPage\",\n\t\t\"mainEntity\": [\n\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"Ki\u1ec3m to\u00e1n IT kh\u00e1c g\u00ec so v\u1edbi Ki\u1ec3m to\u00e1n B\u00e1o c\u00e1o T\u00e0i ch\u00ednh truy\u1ec1n th\u1ed1ng?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"Ki\u1ec3m to\u00e1n IT \u0111\u00e1nh gi\u00e1 h\u1ec7 th\u1ed1ng ki\u1ec3m so\u00e1t CNTT l\u00e0 n\u1ec1n t\u1ea3ng s\u1ea3n xu\u1ea5t ra d\u1eef li\u1ec7u, kh\u00e1c v\u1edbi Ki\u1ec3m to\u00e1n BCTC truy\u1ec1n th\u1ed1ng t\u1eadp trung v\u00e0o t\u00ednh trung th\u1ef1c c\u1ee7a c\u00e1c s\u1ed1 li\u1ec7u t\u00e0i ch\u00ednh \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o ra.\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"Doanh nghi\u1ec7p n\u00e0o c\u1ea7n th\u1ef1c hi\u1ec7n Ki\u1ec3m to\u00e1n IT?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"M\u1ecdi doanh nghi\u1ec7p s\u1eed d\u1ee5ng CNTT \u0111\u1ec3 x\u1eed l\u00fd giao d\u1ecbch t\u00e0i ch\u00ednh quan tr\u1ecdng \u0111\u1ec1u c\u1ea7n Ki\u1ec3m to\u00e1n IT, \u0111\u1eb7c bi\u1ec7t l\u00e0 c\u00e1c c\u00f4ng ty c\u00f3 h\u1ec7 th\u1ed1ng ERP ph\u1ee9c t\u1ea1p, giao d\u1ecbch \u0111i\u1ec7n t\u1eed l\u1edbn ho\u1eb7c ch\u1ecbu s\u1ef1 qu\u1ea3n l\u00fd ph\u00e1p l\u00fd nghi\u00eam ng\u1eb7t.\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"Ch\u1ee9ng ch\u1ec9 CISA l\u00e0 g\u00ec v\u00e0 c\u00f3 vai tr\u00f2 nh\u01b0 th\u1ebf n\u00e0o trong Ki\u1ec3m to\u00e1n IT?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"CISA (Certified Information Systems Auditor) l\u00e0 ch\u1ee9ng ch\u1ec9 qu\u1ed1c t\u1ebf uy t\u00edn nh\u1ea5t, ch\u1ee9ng nh\u1eadn chuy\u00ean gia c\u00f3 \u0111\u1ee7 ki\u1ebfn th\u1ee9c v\u00e0 k\u1ef9 n\u0103ng \u0111\u1ec3 \u0111\u00e1nh gi\u00e1, thi\u1ebft k\u1ebf ki\u1ec3m so\u00e1t v\u00e0 \u0111\u1ea3m b\u1ea3o t\u00ednh tu\u00e2n th\u1ee7 c\u1ee7a h\u1ec7 th\u1ed1ng CNTT.\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"C\u00e1c khu\u00f4n kh\u1ed5 ki\u1ec3m so\u00e1t ph\u1ed5 bi\u1ebfn nh\u1ea5t \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong Ki\u1ec3m to\u00e1n IT l\u00e0 g\u00ec?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"C\u00e1c khu\u00f4n kh\u1ed5 ch\u00ednh bao g\u1ed3m COBIT (cho Qu\u1ea3n tr\u1ecb v\u00e0 Qu\u1ea3n l\u00fd CNTT) v\u00e0 ISO\/IEC 27001 (cho H\u1ec7 th\u1ed1ng Qu\u1ea3n l\u00fd An ninh Th\u00f4ng tin).\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"Ki\u1ec3m to\u00e1n IT c\u00f3 gi\u00fap ph\u00e1t hi\u1ec7n gian l\u1eadn k\u1ebf to\u00e1n kh\u00f4ng?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"C\u00f3, Ki\u1ec3m to\u00e1n IT gi\u00fap ph\u00e1t hi\u1ec7n gian l\u1eadn th\u00f4ng qua vi\u1ec7c ph\u00e2n t\u00edch quy\u1ec1n h\u1ea1n ng\u01b0\u1eddi d\u00f9ng (SoD) v\u00e0 s\u1eed d\u1ee5ng c\u00e1c k\u1ef9 thu\u1eadt ph\u00e2n t\u00edch d\u1eef li\u1ec7u chuy\u00ean s\u00e2u (CAATs) \u0111\u1ec3 t\u00ecm ki\u1ebfm giao d\u1ecbch b\u1ea5t th\u01b0\u1eddng.\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"Ki\u1ec3m to\u00e1n IT x\u1eed l\u00fd th\u00e1ch th\u1ee9c t\u1eeb \u0110i\u1ec7n to\u00e1n \u0110\u00e1m m\u00e2y (Cloud) nh\u01b0 th\u1ebf n\u00e0o?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"Ki\u1ec3m to\u00e1n IT x\u1eed l\u00fd th\u00e1ch th\u1ee9c Cloud b\u1eb1ng c\u00e1ch \u0111\u00e1nh gi\u00e1 B\u00e1o c\u00e1o SOC (ki\u1ec3m to\u00e1n n\u1ed9i b\u1ed9 c\u1ee7a nh\u00e0 cung c\u1ea5p d\u1ecbch v\u1ee5) v\u00e0 xem x\u00e9t c\u00e1c \u0111i\u1ec1u kho\u1ea3n tu\u00e2n th\u1ee7 trong h\u1ee3p \u0111\u1ed3ng SLA.\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t\t    ]\n}\n<\/script>\n<button class=\"rank-math-content-ai-tooltip\">AI-powered simplification<\/button><\/p>","protected":false},"excerpt":{"rendered":"<p>Ki\u1ec3m to\u00e1n IT l\u00e0 quy tr\u00ecnh \u0111\u00e1nh gi\u00e1 \u0111\u1ed9c l\u1eadp c\u00e1c h\u1ec7 th\u1ed1ng, c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng v\u00e0 ho\u1ea1t \u0111\u1ed9ng CNTT c\u1ee7a doanh nghi\u1ec7p. M\u1ee5c ti\u00eau l\u00e0 \u0111\u1ea3m b\u1ea3o h\u1ec7 th\u1ed1ng b\u1ea3o v\u1ec7 t\u00e0i s\u1ea3n hi\u1ec7u qu\u1ea3, duy tr\u00ec t\u00ednh to\u00e0n v\u1eb9n v\u00e0 \u0111\u1ed9 tin c\u1eady c\u1ee7a d\u1eef li\u1ec7u k\u1ebf to\u00e1n, v\u1eadn h\u00e0nh \u0111\u00fang quy [&hellip;]<\/p>","protected":false},"author":5,"featured_media":4087,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4084","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"_links":{"self":[{"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/posts\/4084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/comments?post=4084"}],"version-history":[{"count":3,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/posts\/4084\/revisions"}],"predecessor-version":[{"id":4542,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/posts\/4084\/revisions\/4542"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/media\/4087"}],"wp:attachment":[{"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/media?parent=4084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/categories?post=4084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kiemtoan.man.net.vn\/en\/wp-json\/wp\/v2\/tags?post=4084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}