
7-Oct-15 System Auditing. AUDITING Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic.


1 7-Oct-15 System Auditing

2 AUDITING Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events, to ascertain the degree of correspondence between those assertions and established criteria, and to communicate the results to interested users.

3 Types of Audits
- Financial Audit
- Operational Audit
- Compliance Audit
- Fraud Audit
- IT Audit
- Security Audit
- Can be done internally, or externally by certified public accountants

4 IT Audit An information technology audit, or information systems audit, is an examination of the controls within an Information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations.

5 IT Audit The evaluation of the obtained evidence determines whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's goals or objectives. This is becoming increasingly important as accounting data and processes are now embedded in computer-based information systems.

6 IT Audit
- Subject to the ethics, guidelines, and standards of the profession (if certified)
- CISA
- Most closely associated with ISACA
- Joint with internal, external, and fraud audits
- Scope of IT audit coverage is increasing
- Characterized by CAATTs
- IT governance as part of corporate governance

7 Stages of IT Audit Phases
1. Planning
2. Obtaining evidence
- Tests of Controls
- Substantive Testing
- CAATTs
- Analytical procedures
3. Ascertaining reliability
- MATERIALITY
4. Communicating results
- Audit opinion

8 IT Audit Approach
Gather information and plan:
- Knowledge of business and industry
- Prior year's audit result
- Recent financial information
- Regulatory statutes
- Inherent risk assessments
Obtain understanding of internal control:
- Control environment
- Control procedures
- Control risk assessment
- Detection risk assessment
- Total risks

9 IT Audit Approach
Perform compliance tests:
- Test policies and procedures
- Test segregation of duties
Perform substantive tests:
- Analytical procedures
- Detailed tests of account balances
- Other substantive audit procedures
Conclude the audit:
- Create recommendations
- Write audit report

10 Tests performed
Compliance testing: to determine whether internal controls are being applied in the manner described in documentation and in accordance with management intent.
Substantive testing: to determine the integrity of the actual processing. Usually done by processing sample data and checking whether the expected result is obtained.

11 Security Audit It is a systematic, measurable technical assessment of:
- how the organization's security policy is employed at a specific site
- how effectively the entity being assessed meets specific security objectives

12 Assessment Methodology Should be repeatable and documented. Divided into 3 phases:
Planning
- Set goals, scope, timeline, responsibility, resources, deliverables
- Collect information: assets to be assessed, threats against assets, security controls to mitigate risk
Execution
- Validate controls and identify vulnerabilities
Post-execution

13 Assessment Methodology Post-execution
- Analyse identified vulnerabilities
- Determine root cause
- Recommend mitigation methods
- Write final report

14 Assessment methods
- Examine/review
- Technical investigation/assessment
- Interview

15 Review techniques
- Documentation review: policies, procedures
- Log review
- Rule set review: router, firewall, IDS etc.
- System configuration review
- Network sniffing: network traffic
- File integrity checking

16 Technical assessment techniques
- Network discovery
- Network port and service identification
- Vulnerability scanning
- Wireless scanning etc.
- Password cracking
- Penetration testing
- Social engineering

17 Talk to / interview people
- Have they read the security policy?
- What can and can't they do, in their own words?
- Could they get root / system privilege?
- What are the systems used for?
- What are the critical systems?
- How do they view the security audit?

18 Terminology
- CAATT: Computer Assisted Auditing Tools and Techniques
- ACL: Audit Command Language
- IDEAS: Interactive Data Extraction and Analysis
- Reference on security audit: NIST, Technical Guide to Information Security Testing and Assessment
