Role of State Audit Bureau of Kuwait in promoting and audit of IT Security  

Table of contents:
- Definition and Importance.
- IT audit in SAB.
- The objectives of INTOSAI in IT audit.
- What do we have in IT audit? (Our capabilities).
- Efforts of SAB related to IT Security Audit.
- How Auditors in The State Audit Bureau of Kuwait view the IT Security Audit.
- Main challenges within the audit of IT security.
- How to overcome challenges related to the audit of IT security.

The State Audit Bureau of Kuwait:
- The “National Cyber Security Strategy for the State of Kuwait” is the Kuwaiti government's response to the extent of the threats and challenges that cyber risks pose to institutions and individuals.
- SAB has held the duty of overseeing the collection of State revenues and the settlement of its expenses within the limits of budget allocations, in addition to sustaining the adequacy of the systems and procedures used to safeguard public funds and prevent any misuse.

Definition:
- Information Systems Security Audit (ISSA): “independent review and examination of system records, activities and related documents.”
- Information Technology Audit: “the process of examining the implemented measures and systems that were designed to securely protect and safeguard information utilizing various forms of technology”

Importance:
- Evaluating the flow of data within SAB.
- Determining if the Auditee needs to work more on its IT security controls, policies, regulations or standards.
- Ensuring that management is applying the governance structures currently in place to support effective oversight of IT security.
- Drawing management's attention to address residual risk exposure.
- Improving IT governance.
- Reducing risk, improving security and reinforcing controls.

IT Audit in SAB:
- Examining and evaluating an organization's information technology infrastructure, policies and operations.
- Determining whether IT controls protect corporate assets.
- Ensuring data integrity and alignment with the business' overall goals.
- Examining the overall business and financial controls that involve information technology systems.

The objectives of INTOSAI in IT audit:
- Implementing the triennial work plan, which consists of various goals and projects.
- Projects are selected after reviewing the needs of SAIs, and the deliverables range from best practice guides to website related information and other audit material.
- It is the dedication and effort of individual SAIs that makes the WGITA work.

What do we have in IT audit? (Our capabilities):
- IT Pre-Audit: technically investigates the tender, commitment, agreement, or contract in question and verifies that the allocations of funds in the budget allow for the engagement.
- IT Post-Audit: controls review; audit of system development; audit of IT systems; forensic audit; security audits.
- Internal Audit: provides reasonable assurance regarding the efficiency of the processes performed within SAB.
- Performance Audit: examination of the controls and business rules adopted by the audited entity in the database management system.

What do we have in IT audit? (Our capabilities):
- Information technology department quality management system: CMMI-DEV L2, ISO 9001.
- CAATs: The Interactive Data Exploration and Analytics (IDEA).
- SAB’s working teams: development projects teams; standing committees and working groups; temporary working teams.

Efforts of SAB related to IT Security Audit:
- Training programs (Local, External).
- Formal Meetings with other SAIs (Local, External).
- Seminars and Conferences (Local, External).
- Workshops (Local, External).
- Field Visits to other SAIs.

IT Audit Training:

How Auditors in SAB view the IT Security Audit:
- Auditing of the National Rationing System.
- Auditing of the Traffic Ticketing Information System.
- Auditing of the digital security environment of Kuwait Authority for Partnership Projects.
- Evaluating the efficiency of automated systems in Kuwait Fund for Arab Economic Development with an emphasis on the security of the systems.

Results:
- Auditees have taken some corrective actions regarding the findings.
- Auditees have benefited from recommendations regarding creating and implementing new security procedures and policies.
- Audit findings have helped in revealing some hidden risks.
- Auditees were more encouraged to keep technology up-to-date.

Main challenges within the audit of IT security:
- Auditees are not employing proper technologies in their work.
- Internal Audit is ignored.
- Employing new concepts within the audit process.
- Auditor experience vs. rapid change of technology.
- Lack of IT security controls.
- Staff shortage.
- Lack of experience.

How to overcome challenges related to the audit of IT security:
- Strategic plan of SAB.
- Auditors’ continuous training in topics related to the audit of IT security.
- Internal audit.
- Technical support department.
- IT audit team.
- Helping its auditors to focus on developing their technical skills and staying up-to-date on the latest technologies.
- Following regular audits, which also helps in improving the effectiveness of the auditor.
- Providing auditees with workshops and training courses related to IT and IT security.
- Hiring qualified and skilled staff, including auditors.

Thank you!