Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising.

Published byEric Austin Modified over 5 years ago

Similar presentations

Presentation on theme: "What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising."— Presentation transcript:

1 What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising security, privacy, cost, and other critical business elements WGITA – IDI Handbook on IT Audit for Supreme Audit Institutions SAI Identification

2 IT and basic types of audit
IT Audit is, thus, a broad term that pervades Financial Audits - to assess the organization’s financial statements Compliance Audits - evaluation of internal controls Performance Audits - to assess whether the IT Systems meet the needs of the users and do not subject the entity to unnecessary risk ISSAI 5300 paragraph 3.2 SAI Identification

3 Objective The Active IT Audit Manual tool is based on the IT Audit Handbook and have the essential objective of helping the auditor to plan and conduct IT audits It provides the users with: practical guidance essential technical information, and key audit questions SAI Identification

4 Content Follows the general principles of auditing set out in the International Standards for Supreme Audit Institutions (ISSAI) It provides an SAIs tailored working tool, which can be integrated with governance frameworks like the ISACA COBiT model, pronouncements of the International Standards Organization (ISO), or standards, guides and manuals from some of the SAIs SAI Identification

5 Structure Centered in detailed description of different IT domains which will assist the IT auditors in identifying potential auditable areas IT Governance IT Operations Development and Acquisition Outsourcing Information Security Business Continuity and Disaster Recovery Application Controls SAI Identification

6 Scoping Start with planning on a risk assessment based selection
We call it scoping through IT domain cascade: identify a specific domain or a combination of domains select the most critical areas and issues SAI Identification

7 Mechanics Scope and objective Domains Areas Issues Audit tests plan
Extract based on the scope and objective, then On each level: Analyze, validate and optimize each selection Score relative importance within the extracted list Develop a weighted list Scope and objective Domains Areas Issues Use the information in related Audit Matrices at Criteria, Information Required and Analysis Method levels as work base and extend as necessary Assertions Audit tests plan Extract the audit steps Check and adapt so that all key audit questions are covered Identify the accountable and responsible roles Establish what management claims are in place and if they are working well SAI Identification

8 To ensure that the audit process is preserved to enable subsequent verification, monitoring and share of the audit analysis procedures (ISSAI 100 PARAGRAPH 42), the tool produces: A template activity plan, which includes the subject, criteria and scope is produced, as well Audit matrices to help recording the findings during the IT audit conduct A central point to help the auditor interpreting and judging against the audit questions previously raised at the planning stage Possibility to share with the community in the project” Control Space of e-Government” (the CUBE), an EUROSAI initiative SAI Identification

Download ppt "What is IT audit? An examination of how IT systems where implemented to ensure that they meet the organization’s business needs without compromising."

Similar presentations

SAI Performance Measurement Framework

SAI Performance Measurement Framework
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Establish Verification Procedures (Task 11 / Principle 6)

Establish Verification Procedures (Task 11 / Principle 6)
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
ISO 9001 Interpretation : Exclusions

ISO 9001 Interpretation : Exclusions
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
What are the challenges of implementing ISSAIs in NAO of Estonia? Krista Zibo Audit manager of Financial Audit Department Meeting of Experts of SAIs of.

What are the challenges of implementing ISSAIs in NAO of Estonia? Krista Zibo Audit manager of Financial Audit Department Meeting of Experts of SAIs of.
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Learning Objectives LO1 Introduce the concept of auditor responsibilities. LO2 Explain the importance of the study of ethics in helping define auditor.

Learning Objectives LO1 Introduce the concept of auditor responsibilities. LO2 Explain the importance of the study of ethics in helping define auditor.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
COBIT®. COBIT - Control Objectives for Information and related Technology C OBI T was initially created by the Information Systems Audit & Control Foundation.

COBIT®. COBIT - Control Objectives for Information and related Technology C OBI T was initially created by the Information Systems Audit & Control Foundation.
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.

INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.
ISO 9001:2008 to ISO 9001:2015 Summary of Changes

ISO 9001:2008 to ISO 9001:2015 Summary of Changes
Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.

Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.

Similar presentations

Ads by Google