What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising.

Slides:

Advertisements

Similar presentations

SAI Performance Measurement Framework

Advertisements

Agenda COBIT 5 Product Family Information Security COBIT 5 content

Establish Verification Procedures (Task 11 / Principle 6)

By Collin Smith COBIT Introduction By Collin Smith

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

ISO 9001 Interpretation : Exclusions

First Practice - Information Security Management System Implementation and ISO Certification.

What are the challenges of implementing ISSAIs in NAO of Estonia? Krista Zibo Audit manager of Financial Audit Department Meeting of Experts of SAIs of.

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

Information Systems Controls for System Reliability -Information Security-

Learning Objectives LO1 Introduce the concept of auditor responsibilities. LO2 Explain the importance of the study of ethics in helping define auditor.

Internal Auditing and Outsourcing

COBIT®. COBIT - Control Objectives for Information and related Technology C OBI T was initially created by the Information Systems Audit & Control Foundation.

Basics of OHSAS Occupational Health & Safety Management System

The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.

INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

ISO 9001:2008 to ISO 9001:2015 Summary of Changes

Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.

Audit Planning Process

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

PSC INTOSAI Professional Standards Committee The auditing function of Supreme Audit Institutions A systematic mapping of the auditing assignments of selected.

Compliance Audit Subcommittee Reporting Work Plan Copenhagen, Denmark 6th of May 2010.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.

Samantha Schreiner University of Illinois at Urbana- Champaign BA 559 – Professor Michael Shaw December 15 th, 2008 A Survey of IT Governance Through COBIT,

COBIT®. COBIT® - Control Objectives for Information and related Technology. C OBI T was initially created by the Information Systems Audit & Control Foundation.

International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.

The common structure and ISO 9001:2015 additions

Internal Auditing ISO 9001:2015

Control and Security Frameworks Chapter Three Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.

Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.

Service Organization Control Reports What Have We Learned? Chris Bruhn DIRECTOR, IT RISK SERVICES, BKD, LLP SAS 70 ENDS EXIT TO SSAE 16.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Overview of Standards on Cost Auditing By: CMA Pradip H.Desai.

SQA project process standards IEEE software engineering standards

Internal and external control in an automated environment

Internal Control in a Financial Statement Audit

14th CAS meeting Performance reporting Presentation by SAI-SA

Data Architecture World Class Operations - Impact Workshop.

SQA project process standards IEEE software engineering standards

Getting to Know Internal Auditing

Getting to Know Internal Auditing

IDI Survey on PSC Standard Setting 22 May 2014 , Bahrain

The ISSAIs for Financial Audit ISSAIs

How to Communicate Assurance?

Service Organization Control (SOC)

Safety Accountabilities

Fundamentals of ISO.

HIGHLIGHTING THE KEY CHANGES

Internal control - the IA perspective

External Audit Core PFM Training Program Sanjay Vani

Transition ISO 9001:2008 to ISO 9001:2015

Alignment of COBIT to Botswana IT Audit Methodology

the Public Procurement Audit Practical Guide

Getting to Know Internal Auditing

Canadian Auditing Standards (CAS)

IT Audit Capacity Building

Support for strengthening Quality Assurance

Engineering Processes

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

CAS Meeting, September 2014, Oslo

The use of plugins A plugin (or plug-in, or extension) is a component that adds a specific feature to the “standard” Handbook on IT Audit for Supreme Audit.

Progress Report on proposed GUID on Information TECHNOLOGY Audit

COBIT 5 and GRC Date.

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

Awareness and Auditor training kit

Presentation transcript:

What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising security, privacy, cost, and other critical business elements WGITA – IDI Handbook on IT Audit for Supreme Audit Institutions 02-05-2019 SAI Identification

IT and basic types of audit IT Audit is, thus, a broad term that pervades Financial Audits - to assess the organization’s financial statements Compliance Audits - evaluation of internal controls Performance Audits - to assess whether the IT Systems meet the needs of the users and do not subject the entity to unnecessary risk ISSAI 5300 paragraph 3.2 02-05-2019 SAI Identification

Objective The Active IT Audit Manual tool is based on the IT Audit Handbook and have the essential objective of helping the auditor to plan and conduct IT audits It provides the users with: practical guidance essential technical information, and key audit questions 02-05-2019 SAI Identification

Content Follows the general principles of auditing set out in the International Standards for Supreme Audit Institutions (ISSAI) It provides an SAIs tailored working tool, which can be integrated with governance frameworks like the ISACA COBiT model, pronouncements of the International Standards Organization (ISO), or standards, guides and manuals from some of the SAIs 02-05-2019 SAI Identification

Structure Centered in detailed description of different IT domains which will assist the IT auditors in identifying potential auditable areas IT Governance IT Operations Development and Acquisition Outsourcing Information Security Business Continuity and Disaster Recovery Application Controls 02-05-2019 SAI Identification

Scoping Start with planning on a risk assessment based selection We call it scoping through IT domain cascade: identify a specific domain or a combination of domains select the most critical areas and issues 02-05-2019 SAI Identification

Mechanics Scope and objective Domains Areas Issues Audit tests plan Extract based on the scope and objective, then On each level: Analyze, validate and optimize each selection Score relative importance within the extracted list Develop a weighted list Scope and objective Domains Areas Issues Use the information in related Audit Matrices at Criteria, Information Required and Analysis Method levels as work base and extend as necessary Assertions Audit tests plan Extract the audit steps Check and adapt so that all key audit questions are covered Identify the accountable and responsible roles Establish what management claims are in place and if they are working well 02-05-2019 SAI Identification

To ensure that the audit process is preserved to enable subsequent verification, monitoring and share of the audit analysis procedures (ISSAI 100 PARAGRAPH 42), the tool produces: A template activity plan, which includes the subject, criteria and scope is produced, as well Audit matrices to help recording the findings during the IT audit conduct A central point to help the auditor interpreting and judging against the audit questions previously raised at the planning stage Possibility to share with the community in the project” Control Space of e-Government” (the CUBE), an EUROSAI initiative 02-05-2019 SAI Identification