OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING

GROUP MEMBERS: NORHAFIZAH BINTI ABDUL MUDALIP (221601), YAP YONG TECK (228407), TAN YUAN JUE (226491), TAY QIU JIE (227495)


• Data integrity
• Support traditional audit
• Goals achieved effectively
• Law & regulation
• Safeguards assets

Q: What is the demand for IT/IS audit professionals?
A: It is increasing. According to CNN Money, IT audit is one of the fastest-growing professions, with 22 percent to 30 percent growth estimated for Organizations are looking for IT audit professionals to assess and recommend ways to mitigate the impacts of today’s technology risks.

Accounting scandals in recent years point to a need for more monitoring and oversight. As IT becomes more complex and pervasive, the need for auditing is also on the rise, so IT auditors are going to be in demand. The growth in information technology capabilities and the effects of the Sarbanes-Oxley Act and other legislation are driving demand for information technology auditors in the public, private, nonprofit and government sectors. Graduates may find jobs as information systems auditors or risk managers in the Big 4 accounting firms, or as risk management consultants in financial services industries.

• IT Governance - reviews of the organization’s fiduciary responsibility in satisfying the quality of IT delivery services while aligning with the business objectives and establishing an adequate system of internal controls.
• Information Systems - focus on physical and logical security controls of the server, including administration of server accounts, system logging and monitoring, and system backup.
• Integrated Audits - reviews of the business operations and their dependency on automated systems to support the business process. From the technology perspective, the audit focuses on application controls, administration of user access, application change control, and backup and recovery to assure reliability, integrity and availability of the data.
• Control Self-assessments - designed for departments that manage and operate a technology environment. These self-assessment tools can be used to identify potential areas of control weakness in the management of the technology environment.
• Compliance - compliance audits include Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable laws and regulations.

• Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
• Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
• Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards.
• Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
• Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunication controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

• Technological innovation process audit: This audit assesses the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product.
• Innovative comparison audit: This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of the company's research and development facilities, as well as its track record in actually producing new products.
• Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

• Analyzes and interprets many different types of computer or information systems within a company or organization
• Develops and maintains a company’s information systems
• Maintains and develops computerized audit software

• Prepares and presents written and oral reports and other technical information management
• Follows up on audit findings to ensure that management has taken corrective action
• Ensures there is no fraudulent activity, unnecessary spending, or noncompliance with the laws and regulations

ISACA Certifications
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified in Risk and Information Systems Control (CRISC)