Overview of IT Auditing

Slides:



Advertisements
Similar presentations
Software Quality Assurance Plan
Advertisements

Chapter 1 Business Driven Technology
Alignment of COBIT to Botswana IT Audit Methodology
SAI Performance Measurement Framework
A Consultative Approach to Auditing
Chapter 10 Accounting Information Systems and Internal Controls
W5HH Principle As applied to Software Projects
By Collin Smith COBIT Introduction By Collin Smith
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
IS Audit Function Knowledge
IT Planning.
External Quality Assessments
Change Advisory Board COIN v1.ppt Change Advisory Board ITIL COIN June 20, 2007.
Conducting the IT Audit
Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],
Assessment of Innovative Environment
Effective Methods for Software and Systems Integration
1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, October 2009 Introduction to IT audits PART II IT.
Copyright Course Technology 1999
Management Information Systems
11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.
Problem Identification
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
Overview:  Different controls in an organization  Relationship between IT controls & financial controls  The Mega Process Leads  Application of COBIT.
Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?
IIA_Tampa_ Beth Breier, City of Tallahassee1 IT Auditing in the Small Audit Shop Beth Breier, CPA, CISA City of Tallahassee
IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
National Commission for Academic Accreditation & Assessment Developmental Reviews at King Saud University and King Faisal University.
Microsoft Operations Framework Morten Lauridsen Engagement Manager Microsoft Consulting Services Morten Lauridsen Engagement Manager.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Workshop on Implementing Audit Quality Practices Working Group on Audit Manuals and Methods March 2006 Vilnius (Lithuania) Hungarian Experiences.
Introduction to Information Security
Samantha Schreiner University of Illinois at Urbana- Champaign BA 559 – Professor Michael Shaw December 15 th, 2008 A Survey of IT Governance Through COBIT,
Chapter 9 The People in Information Systems. Learning Objectives Upon successful completion of this chapter, you will be able to: Describe each of the.
SEN 460 Software Quality Assurance. Bahria University Karachi Campus Waseem Akhtar Mufti B.E(C.S.E) UIT, M.S(S.E) AAU Denmark Assistant Professor Department.
Configuration Control (Aliases: change control, change management )
Internal Audit Quality Assessment Guide
© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.
MANAGEMENT of INFORMATION SECURITY, Fifth Edition.
Government Internal Audit Career
Systems Analysis and Design in a Changing World, Fifth Edition
Planning for Succession
CPA Gilberto Rivera, VP Compliance and Operational Risk
Business System Development
Quality assurance in population and housing census SUDAN’s EXPERIANCE in QUALITY assurance of Censuses By salah El din. A . Magid OUR EXPERIANCE IN 5.
Compliance with Framework of Quality Control - General & Specific Controls CA Vimal Chopra, Ex Chairman of CIRC of ICAI.
CHAPTER 1 FOUNDATIONS OF IS Subject Name: MANGEMENT INFORMATION SYSTEM
Empower Managers to Take Ownership of Employee Engagement
Chapter 6: Database Project Management
How to Survive an External Quality Assessment
Building the foundations for innovation
SAMPLE Foster an Effective Feedback Environment
CCNET Managed Services
Systems Analysis – ITEC 3155 Evaluating Alternatives for Requirements, Environment, and Implementation.
IT Roles and Responsibilities
CMMI – Staged Representation
Air Carrier Continuing Analysis and Surveillance System (CASS)
Making Information Security Manageable with GRC
USAID/Peru Risk Assessment In-Briefing
Alignment of COBIT to Botswana IT Audit Methodology
CSSSPEC6 SOFTWARE DEVELOPMENT WITH QUALITY ASSURANCE
Academic Relations Chapter Outreach Toolkit
Adding Value Across the Board
ISO management systems
Taking the STANDARDS Seriously
IST346: What Is IT?.
Chapter 3: Project Integration Management
Internal Audit Who? What? When? How? Why? In brief . . .
Developing SMART Professional Development Plans
Presentation transcript:

Overview of IT Auditing Audit TSI Overview of IT Auditing

IT Audit IT Auditing Concept

IT Audit: Concept IT Auditing Audit IT

IT Audit: Concept The internal audit department to promote internal controls to help the company develop cost-effective solutions for addressing issues GOAL

IT Audit: Concept Merely reporting issues accomplishes nothing, except to make people look bad, get them fired, and create hatred of auditors. The real value comes when issues are addressed and problems are solved. In other words, reporting the issues is a means to an end. The end result improves the state of internal controls at the company. Reporting them provides a mechanism by which the issues are brought to light and can therefore receive the resources and attention needed to fix them.

IT Audit: Concept In summary, the internal audit department’s mission is twofold: To provide independent assurance to the audit committee (and senior management) that internal controls are in place at the company and are functioning effectively. To improve the state of internal controls at the company by promoting internal controls and by helping the company identify control weaknesses and develop cost-effective solutions for addressing those weaknesses.

IT Audit: Concept Internal controls is used frequently throughout this chapter. Stated in the simplest terms, internal controls are mechanisms that ensure the proper functioning of processes within the company. Every system and process exists for some specific business purpose. The auditor must look for risks that could impact the accomplishment of those purposes and then ensure that internal controls are in place to mitigate those risks.

therefore, you are not independent IT Audit: Concept INDEPENDENT? As an auditor, you work for the company and report to its management; therefore, you are not independent

IT Audit: Concept

Consulting and Early Involvement Many auditors are terrified when they are asked for a pre-implementation opinion. What if they give bad advice? Then they are as responsible for the control failure as the IT folks who implemented the system. Surely it’s better to say nothing and let the IT people “sink or swim” on developing controls, right? The auditors always can audit them later and tell them where they screwed up. Auditors need to be willing to step up to the plate and provide input. Whether you provide an opinion before implementation or after, you still should be providing essentially the same input.

Consulting and Early Involvement When it comes to working with teams before implementation, some lines shouldn’t be crossed. The auditor should not be afraid to brainstorm with the team about how the controls should work. However, this should not include actually executing the control, writing the code for implementing it, or configuring the system. You can’t both own the control and audit it, but you should feel comfortable providing as much input as possible regarding what the control should look like.

Four Methods for Consulting and Early Involvement Early involvement “Once you’ve created a system, tested it, and implemented it, it is much more expensive to go back and change it than if you had done it right the first time.”

Four Methods for Consulting and Early Involvement Informal Audit “Tell the people you’re auditing that you don’t intend to track the issues coming out of the review but that if you find a major issue, you’ll have to make an exception.”

Four Methods for Consulting and Early Involvement Knowledge Sharing “One of the easiest communication vehicles should be the company’s intranet. The internal audit department should have its own website.” Control Guidelines Common Issues, Best Practices, and Innovative Solutions Tools

Four Methods for Consulting and Early Involvement Self-Assessments “It is up to each audit department to determine whether it wants to implement a control self-assessment (CSA) model formally.”

The Role of the IT Audit Team

The Role of the IT Audit Team Data center facilities This, quite simply, is the physical building and data center housing the computer equipment on which the system in question resides. Networks This allows other systems and users to communicate with the system in question when they do not have physical access to it. This layer includes basic networking devices such as firewalls, switches, and routers. System platform This provides the basic operating environment on which the higher level application runs. Examples are operating systems such as Unix, Linux, and Windows.

The Role of the IT Audit Team Databases This tool organizes and provides access to the data being run by the end application. Applications This is the end application, which actually is seen and accessed by the end user. This could be an enterprise resource planning (ERP) application providing basic business functions, an e-mail application, or a system that allows conference rooms to be scheduled.

The Role of the IT Audit Team Application Auditors Application Layers Data Extraction and Analysis Specialists pulling data and analyzing it -> experts at data extraction and analysis tools IT Auditors database layer and below

IT Audit: Concept Summary The real mission of the internal audit department is to help improve the state of internal controls at the company. Internal auditors are not truly independent, but they should be objective. It is important to find ways to accomplish the department’s mission outside of formal audits. Early involvement, informal audits, knowledge sharing, and self-assessments are four important tools in this regard. Building and maintaining good relationships with the IT organization are critical elements of the IT audit team’s success.

IT Audit: Concept Summary The most effective IT audit teams ensure that every layer of the stack is covered, not just the application layer. Successful IT audit teams generally will consist of a combination of career auditors and IT professionals. It is critical to develop methods for maintaining the technical expertise of the IT audit team. A healthy relationship should be developed with external IT auditors.

IT Audit Process & Technique

IT Audit: Process Planning Fieldwork and documentation Issue discovery and validation Solution development Report drafting and issuance Issue tracking

IT Audit: Techniques

IT Audit Regulation

IT Audit: Regulation As information technology (IT) matured during the late twentieth century, the IT department within each organization typically developed its own methods for managing operations. Eventually, frameworks and standards emerged to provide guidelines for the management and evaluation of IT processes.

IT Audit: Regulation Committee of Sponsoring Organizations (COSO) Control Objectives for Information and Related Technology (COBIT) IT Infrastructure Library (ITIL) ISO 27001 National Security Agency (NSA) INFOSEC Assessment Methodology Frameworks and standards trends

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.