Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Ir. Yeffry Handoko Putra

Published byBambang Gunawan Modified over 7 years ago

Similar presentations

Presentation on theme: "Dr. Ir. Yeffry Handoko Putra"— Presentation transcript:

1 Dr. Ir. Yeffry Handoko Putra
Chap 4 – ISACA : IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals Dr. Ir. Yeffry Handoko Putra MAGISTER SISTEM INFORMASI

2 ISACA Updated: 1 March 2010 IT Audit and Assurance Standards are mandatory requirements for certification holders’ reports on the audit and its findings. Codification: Standards are numbered consecutively as they are issued, beginning with S1 Guidelines are numbered consecutively as they are issued, beginning with G1 Tools and Techniques are numbered consecutively as they are issued, beginning with P1.

3 Standards define mandatory requirements for IT audit and assurance
Standards define mandatory requirements for IT audit and assurance. They inform: IT audit and assurance professionals of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics Management and other interested parties of the profession’s expectations concerning the work of practitioners Holders of the Certified Information Systems Auditor™ (CISA®) designation of requirements. Failure to comply with these standards may result in an investigation into the CISA holder’s conduct by the ISACA Board of Directors or appropriate ISACA committee and, ultimately, in disciplinary action.

4 Guidelines provide guidance in applying IT Audit and Assurance Standards.
The IT audit and assurance professional should consider them in determining how to achieve implementation of the standards, use professional judgement in their application and be prepared to justify any departure. The objective of the IT Audit and Assurance Guidelines is to provide further information on how to comply with the IT Audit and Assurance Standards.

5 Tools and Techniques provide examples of procedures an IT audit and assurance professional might follow. The tools and techniques documents provide information on how to meet the standards when performing IT audit and assurance work, but do not set requirements. The objective of the IT Audit and Assurance Tools and Techniques is to provide further information on how to comply with the IT Audit and Assurance Standards.

6 Index of IT Audit and Assurance Standards
S1 Audit Charter 1 January 2005 S2 Independence 1 January 2005 S3 Professional Ethics and Standards 1 January 2005 S4 Competence 1 January 2005 S5 Planning 1 January 2005 S6 Performance of Audit Work 1 January 2005 S7 Reporting 1 January 2005 S8 Follow-Up Activities 1 January 2005 S9 Irregularities and Illegal Acts 1 September 2005 S10 IT Governance 1 September 2005 S11 Use of Risk Assessment in Audit Planning 1 November 2005 S12 Audit Materiality 1 July 2006 S13 Using the Work of Other Experts 1 July 2006 S14 Audit Evidence 1 July 2006 S15 IT Controls 1 February 2008 S16 E-commerce 1 February 20

7 Index of IT Audit and Assurance Guidelines
G1 Using the Work of Other Auditors 1 March 2008 G2 Audit Evidence Requirement 1 May 2008 G3 Use of Computer Assisted Audit Techniques (CAATs) 1 March 2008 G4 Outsourcing of IS Activities to Other Organisations 1 May 2008 G5 Audit Charter 1 February 2008 G6 Materiality Concepts for Auditing Information Systems 1 May 2008 G7 Due Professional Care 1 March 2008 G8 Audit Documentation 1 March 2008 G9 Audit Considerations for Irregularities and Illegal Acts 1 Sept. 2008 G10 Audit Sampling 1 August 2008 G11 Effect of Pervasive IS Controls 1 August 2008

8 Index of IT Audit and Assurance Guidelines
G12 Organisational Relationship and Independence 1 August 2008 G13 Use of Risk Assessment in Audit Planning 1 August 2008 G14 Application Systems Review 1 October 2008 G15 Audit Planning 1 May 2010 G16 Effect of Third Parties on an Organisation’s IT Controls 1 March 2009 G17 Effect of Nonaudit Role on the IT Audit and Assurance Professional’s Independence 1 May 2010 G18 IT Governance 1 July 2002 G19 Irregularities and Illegal Acts Withdrawn 1 September 2008 G20 Reporting 1 January 2003 G21 Enterprise Resource Planning (ERP) Systems Review 1 August 2003 G22 Business-to-consumer (B2C) E-commerce Review 1 October 2008 G23 System Development Life Cycle (SDLC) Review Reviews 1 August 2003 G24 Internet Banking 1 August 2003 G25 Review of Virtual Private Networks 1 July 2004 G26 Business Process Reengineering (BPR) Project Reviews 1 July 2004

9 Index of IT Audit and Assurance Guidelines
G27 Mobile Computing 1 September 2004 G28 Computer Forensics 1 September 2004 G29 Post-implementation Review 1 January 2005 G30 Competence 1 June 2005 G31 Privacy 1 June 2005 G32 Business Continuity Plan (BCP) Review 1 September 2005 G33 General Considerations on the Use of the Internet 1 March 2006 G34 Responsibility, Authority and Accountability 1 March 2006 G35 Follow-up Activities 1 March 2006 G36 Biometric Controls 1 February 2007 G37 Configuration Management Process 1 November 2007 G38 Access Controls 1 February 2008 G39 IT Organisation 1 May 2008 G40 Review of Security Management Practices 1 October 2008 G41 Return on Security Investment (ROSI) 1 May 2010 G42 Continuous Assurance 1 May 2010

10 Index of IT Audit and Assurance Tools and Techniques
P1 IS Risk Assessment 1 July 2002 P2 Digital Signatures 1 July 2002 P3 Intrusion Detection 1 August 2003 P4 Viruses and other Malicious Code 1 August 2003 P5 Control Risk Self-assessment 1 August 2003 P6 Firewalls 1 August 2003 P7 Irregularities and Illegal Acts 1 November 2003 P8 Security Assessment—Penetration Testing and Vulnerability Analysis 1 September 2004 P9 Evaluation of Management Controls Over Encryption Methodologies 1 January 2005 P10 Business Application Change Control 1 October 2006 P11 Electronic Funds Transfer (EFT) 1 May 2007

11 Exercise: As and IS Auditor what is (write in Indonesia )
Standard for Audit Evidence; Guideline for Audit Evidence; Tools and Techniques for Audit Evidence Standard for Planning; Guideline for ERP; Tools and Techniques for Business Application Change Control

12 Exercise: As and IS Auditor what is
Standard for IT Control; Guideline for Effect of Pervasive Control; Tools and Technique for Control Risk Assessment Standard for use of Risk Assessment in Audit Planning; Guideline for Risk Assessment in Audit Planning; Tools and Technique for IS Risk Assessment

13 Exercise A Exercise B Exercise C Exercise D

Download ppt "Dr. Ir. Yeffry Handoko Putra"

Similar presentations

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Chubaka Producciones Presenta :.

Chubaka Producciones Presenta :.
Security Controls – What Works

Security Controls – What Works
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
2012 JANUARY Sun Mon Tue Wed Thu Fri Sat

2012 JANUARY Sun Mon Tue Wed Thu Fri Sat
IS Audit Function Knowledge

IS Audit Function Knowledge
1 Pertemuan 3 Auditing Standards and Responsibilities Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 3 Auditing Standards and Responsibilities Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
Lecture 8 Understanding entity and its environment

Lecture 8 Understanding entity and its environment
What are the challenges of implementing ISSAIs in NAO of Estonia? Krista Zibo Audit manager of Financial Audit Department Meeting of Experts of SAIs of.

What are the challenges of implementing ISSAIs in NAO of Estonia? Krista Zibo Audit manager of Financial Audit Department Meeting of Experts of SAIs of.
Conducting the IT Audit

Conducting the IT Audit
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Certification and Training Presented by Sam Jeyandran.

Certification and Training Presented by Sam Jeyandran.
1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, 12-13 October 2009 Introduction to IT audits PART II IT.

1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, October 2009 Introduction to IT audits PART II IT.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.

Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
Professional Standards Committee and Frameworks for IT Audits

Professional Standards Committee and Frameworks for IT Audits
Chapter Three IT Risks and Controls.

Chapter Three IT Risks and Controls.
Chapter 2 The Financial Statement Auditing Environment McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 2 The Financial Statement Auditing Environment McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Fundamental Auditing Concepts. Materiality Evidence Independence Audit risk IS and general audit responsibilities for fraud Assurance.

Fundamental Auditing Concepts. Materiality Evidence Independence Audit risk IS and general audit responsibilities for fraud Assurance.
Presented By Tay Un Soo Senior VP, Bank of Commerce President of ISACA - Malaysia Chapter 1999 National Accountants Conference THRIVING IN THE DIGITAL.

Presented By Tay Un Soo Senior VP, Bank of Commerce President of ISACA - Malaysia Chapter 1999 National Accountants Conference THRIVING IN THE DIGITAL.

Similar presentations

Ads by Google