Management of IT Auditing John Schultz

Define IT – What areas should be considered for inclusion in an IT audit plan?
Evaluate IT-related Risk – Doing so helps ensure that IT audit procedures and resources are focused on the areas that represent the most risk to the organization.
Define the IT Audit Universe – Defining the IT audit universe helps balance IT audit needs against resource constraints.
Execute IT Audits – How to execute IT audit procedures, and which standards and frameworks in the marketplace can support the required procedures.
Manage the IT Audit Function – Techniques for maximizing the effectiveness of the IT audit function and managing IT audit resources.
Address Emerging Issues – IT evolves rapidly, and that evolution can introduce significant new risks into an organization.

IT Environment

IT-related Risks
Availability – the system is unavailable for use.
Security – unauthorized access to systems occurs.
Integrity – the data is incomplete or inaccurate.
Confidentiality – information is not kept secret.
Effectiveness – the system does not deliver an intended or expected function.
Efficiency – the system causes a sub-optimal use of resources.

IT Audit Universe
Using overly broad definitions for IT audits (e.g. "IT general controls") almost guarantees scope creep in audit procedures.
The audit universe for the year should touch every layer of the IT environment.
IT audits should be structured so that reporting is effective and logical.
IT audits should cover the appropriate risks.
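The two planning steps above (rate each system on the six risk dimensions, then define an audit universe that covers every layer within the hours available) are easy to state and easy to get wrong in a spreadsheet. The following Python is an added worked example, not code from the deck or from John Schultz: the dimension weights, the entity names, their ratings and the hour budgets are all constructed for illustration. It scores each entity, guarantees one engagement per layer, spends the remaining budget by risk per audit hour, and reports any layer the budget could not cover instead of silently dropping it.

```python
"""Risk-based IT audit planning (illustrative example; all figures constructed)."""
from dataclasses import dataclass

# The six IT-related risk dimensions from the deck.
RISK_DIMENSIONS = ("availability", "security", "integrity",
                   "confidentiality", "effectiveness", "efficiency")

# Assumed weights for the example. An audit department would set these
# from its own risk appetite, e.g. a bank weighting security and
# confidentiality above efficiency.
DIMENSION_WEIGHTS = {"availability": 1.0, "security": 2.0, "integrity": 1.5,
                     "confidentiality": 2.0, "effectiveness": 1.0, "efficiency": 0.5}


@dataclass
class AuditEntity:
    name: str
    layer: str      # layer of the IT environment: "network", "os", "database", ...
    hours: int      # estimated audit effort in hours
    ratings: dict   # dimension -> 1 (low) .. 5 (high)


@dataclass
class AuditPlan:
    selected: list          # entity names, in the order they were picked
    hours_used: int
    uncovered_layers: list  # layers no engagement could be afforded for


def risk_score(entity: AuditEntity) -> float:
    """Weighted sum of the entity's rating on each risk dimension."""
    for dim, rating in entity.ratings.items():
        if dim not in DIMENSION_WEIGHTS or not 1 <= rating <= 5:
            raise ValueError(f"{entity.name}: bad rating {dim}={rating}")
    return sum(DIMENSION_WEIGHTS[d] * entity.ratings.get(d, 1) for d in RISK_DIMENSIONS)


def plan_audit_universe(entities, budget_hours: int) -> AuditPlan:
    """Two-pass greedy selection of the year's audit universe.

    Pass 1 (coverage): walk entities from highest to lowest risk and take the
    first entity of each not-yet-covered layer that fits the remaining budget.
    Pass 2 (fill): spend what is left on the remaining entities in order of
    risk per audit hour. Layers that could not be covered are returned so the
    gap the budget creates is visible to whoever approves the plan.
    """
    ranked = sorted(entities, key=risk_score, reverse=True)  # stable on ties
    remaining = budget_hours
    selected, covered = [], set()
    for e in ranked:
        if e.layer in covered or e.hours > remaining:
            continue
        selected.append(e)
        covered.add(e.layer)
        remaining -= e.hours
    leftovers = [e for e in ranked if e not in selected]
    for e in sorted(leftovers, key=lambda e: risk_score(e) / e.hours, reverse=True):
        if e.hours <= remaining:
            selected.append(e)
            remaining -= e.hours
    all_layers = {e.layer for e in entities}
    return AuditPlan([e.name for e in selected], budget_hours - remaining,
                     sorted(all_layers - covered))


def sample_universe():
    """Constructed audit universe for the example; not real systems or ratings."""
    def ratings(a, s, i, c, ef, ey):
        return dict(zip(RISK_DIMENSIONS, (a, s, i, c, ef, ey)))
    return [
        AuditEntity("Core banking app", "application", 200, ratings(5, 5, 5, 5, 4, 3)),
        AuditEntity("HR portal", "application", 120, ratings(3, 4, 3, 5, 3, 2)),
        AuditEntity("Oracle DB cluster", "database", 150, ratings(5, 5, 5, 5, 3, 3)),
        AuditEntity("Linux server estate", "os", 160, ratings(4, 4, 3, 3, 3, 3)),
        AuditEntity("Windows AD domain", "os", 180, ratings(4, 5, 4, 4, 3, 2)),
        AuditEntity("Perimeter firewalls", "network", 100, ratings(5, 5, 3, 3, 3, 2)),
        AuditEntity("Wireless LAN", "network", 80, ratings(2, 4, 2, 3, 2, 2)),
        AuditEntity("Print servers", "os", 40, ratings(2, 2, 1, 1, 2, 2)),
    ]


if __name__ == "__main__":
    universe = sample_universe()
    for e in sorted(universe, key=risk_score, reverse=True):
        print(f"{risk_score(e):5.1f}  {e.layer:<12} {e.name}")
    for budget in (700, 600):
        plan = plan_audit_universe(universe, budget)
        print(f"\nbudget {budget}h -> used {plan.hours_used}h: {plan.selected}")
        print(f"uncovered layers: {plan.uncovered_layers or 'none'}")
```

With 700 hours the plan reaches every layer; with 600 hours the coverage pass cannot afford either network entity after the three highest-risk systems are taken, and the plan comes back flagging "network" as uncovered rather than quietly leaving the firewalls out, which is the decision the audit committee should be asked to make explicitly.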

Executing IT Audits

Managing the IT Audit Function
Audit Facilitators
- Electronic workpapers
- Project management software
- Flowcharting software
- Open issue tracking software
- Audit department web site
Audit Accelerators
- Data analysis software
- Security analysis tools
- Network analysis tools
- Hacking tools
- Application security analysis tools

Emerging Issues
- Wireless Networks
- Mobile Devices
- Interfaces
- Data Management
- Privacy
- Segregation of Duties
- Administrative Access
- Configurable Controls
- Piracy
