IT-audit case PEMPAL, Skopje, April 2019.

Context:
- Introduction of new integrated software which encompasses all HR processes: SAP-HR.
- The SAP-HR system will be introduced by means of a temporary project organization responsible for a flawless implementation.
- The new SAP-HR system will integrate the following processes: payroll, employee administration, time management, travel management, legal reporting.
- The Secretary General asked the audit department to give additional assurance on ensuring a flawless transfer to the new integrated system as well as on the governance of the implementation project itself.

Main risks related to the audited processes:
- Confidentiality (risk of losing/leaking vital or privacy-sensitive information to third parties).
- Integrity (trustworthiness of the data the system delivers).
- Availability (continuity, back-up and recovery etc.).
- Risks concerning the appropriate governance arrangements of the IT project itself.

Objective(s) and scope of the audit engagement:
The objective of the audit is to give reasonable assurance on the following key audit questions:
- Is the governance of the project designed and functioning in such a way that it will pave the way to successful migration and implementation of SAP-HR within the Ministry of Economy?
- Are the application and general controls adequate with respect to confidentiality of data, integrity of data and availability of vital information of the HR-related systems during the project, migration and delivery phases of the project?
Assurance statements on the proper governance of the project, as well as on the adequacy of CIA-related controls at application and general level, will be accompanied by recommendations if necessary and applicable.
Potential findings and recommendations.

Criteria to be used and audit scope:
The objective of the audit is to give reasonable assurance on the following key audit questions:
- PRINCE2: PRINCE2 is a structured project management method. PRINCE2 emphasizes dividing projects into manageable and controllable stages. It is adopted in many countries worldwide, including the UK, Western European countries, and Australia.
- COBIT5: COBIT5 is the only business framework for the governance and management of enterprise/business IT. It is the product of a global task force and development team from ISACA, a nonprofit, independent association of more than 140,000 governance, security, risk and assurance professionals in 187 countries.
- Existing organizational procedures and regulations which are relevant for the migration process towards the new SAP-HR system. If these procedures and regulations conflict with requirements of PRINCE2 and/or COBIT5, it will be noted as an audit finding.
SCOPE: The audit will not extend its scope by assessing the key objectives as defined for the transformation towards the new system.