INFORMATION SYSTEMS AUDIT

Description:

Title: INFORMATION SYSTEMS AUDIT & CONTROL OVERVIEW
Author: intaudit
Last modified by: ilmot
Created Date: 4/9/2003 7:50:35 PM
Document presentation format – PowerPoint PPT presentation

Slides: 19
Provided by: IntA7
Learn more at: http://www.mdp.ac.id
Transcript and Presenter's Notes

Title: INFORMATION SYSTEMS AUDIT


1
INFORMATION SYSTEMS AUDIT & CONTROL OVERVIEW

2
A G E N D A
  • Evolution of IT Audit Universe
  • IS Audit & Control Careers
  • Wearing Different Hats
  • IS Standards, Guidelines, Procedures
  • COBIT
  • Risk Assessment
  • (cont'd)

3
A G E N D A
  • Computer-Assisted Auditing Techniques & Tools
  • Today's Audit Universe
  • IT Systems Project Participation Options
  • IT Audit Resources
  • Glossary of Terms
  • Sample Questions for CISA Exam

4
Evolution of IT Audit Universe
  • EDP Audit to IS Audit to IT Audit
  • Mainframe to distributed computing
  • Local area network to wide area network to
    wireless
  • Dial-up lines (modem) to high-speed Internet
    service

5
IS Audit & Control Careers
  • A systems background is a real advantage, but a
    journalism degree is not a bad thing
  • Not all auditing is equal, but all auditing is
    related by some core principles

6
Wearing Different Hats
  • Audit fieldwork
  • Communication of results
  • Technical consultation
  • Department computing support
  • Risk assessment
  • Special projects
  • Continuing professional education

7
IS Standards, Guidelines, Procedures
  • Audit Charter
  • Independence
  • Professional Ethics & Standards
  • Competence
  • Planning (including Risk Assessment)
  • Performance of Audit Work
  • Reporting
  • Follow-up Activities

8
COBIT--Control Objectives for Information and Related Technologies
  • Effective management of information and related
    IT is critical to an organization's success
  • IT governance is critical to that success (IT
    Governance: a structure of relationships and
    processes to direct and control the enterprise in
    order to achieve the enterprise's goals by adding
    value while balancing risk versus return over IT
    and its processes.)
  • IT governance links IT processes, IT resources,
    and information to enterprise strategies and
    objectives

9
COBIT--Control Objectives for Information and Related Technologies
  • COBIT bridges the gaps between business risks,
    control needs, and technical issues
  • Comparable to the COSO model
  • Four domains
      • Planning & Organization
      • Acquisition & Implementation
      • Delivery & Support
      • Monitoring

10
IT Risk Assessment
  • Examines business from management's perspective
  • Allows IT auditor to make observations and
    recommendations that are responsive to
    management's concerns

11
IT Risk Assessment
  • Emphasis on knowledge of the organization's
    control environment
  • Focus on effectiveness of a combination of
    controls instead of individual controls
  • Strong linkage between risk assessment and audit
    testing decisions

Handbook of IT Auditing, Warren, Gorham & Lamont

12
CAAT: Computer Assisted Auditing Techniques & Tools
  • Query systems, report writers, utilities,
    computer languages
  • Complete files can be read speedily
  • Can use parameters that may be altered each time
    program is run
  • Once programs are set up, time savings are
    significant
  • Allows auditor independence

13
CAAT: Computer Assisted Auditing Techniques & Tools
TYPES OF SOFTWARE
  • Automated audit workpapers
  • Data Analysis
  • Risk assessment
  • Scheduling
  • Timekeeping
  • Flowcharting
  • Report generation

14
CAAT: Computer Assisted Auditing Techniques & Tools
USE IN FRAUD DETECTION & INVESTIGATION
  • Terminated employees being paid
  • Ghost employees
  • Purchases to homes instead of business
  • On-call pay abuse
  • Unusually high salary increases
  • Telephone use abuse
  • Travel reimbursement abuse

15
CAAT: Computer Assisted Auditing Techniques & Tools
USE IN NETWORK SECURITY
  • Port scanning tools
  • Network intrusion detection
  • SANS Top 20 Network Vulnerabilities
  • Nessus
  • Computer Intrusion Response Teams
  • Tiger Teams

16
IT Systems Projects: Participation Options
  • Steering Committee
  • Full project team participation
  • Periodic review & consultation
  • Implementation/conversion review
  • Post-implementation/conversion review

17
IT Audit Resources
  • Mailing lists & discussion lists
      • ACUA-L, C-ISACA-L, DCC-L, Sysadmin-L
  • Electronic newsletters
      • Canaudit, SANS, ZDNet Security
  • Libraries of audit programs
      • www.auditnet.org
      • www.isaca.org (K-Net)
      • www.acua.org

18
IT Audit Resources
  • Periodicals
      • EDPACS, Information Security
  • Technical training handouts
  • Vendor-specific websites
  • Technology-specific websites
      • www.webopaedia.com