IS4680 Security Auditing for Compliance


1 IS4680 Security Auditing for Compliance
Unit 10 Qualifications, Ethics, and Certifications for IT Auditors

2 Class Agenda 8/22/16
Covers Chapter 15.
Learning Objectives.
Lesson Presentation and Discussions.
Discussion on Assignments.
Discussion on Lab Activities.
Lab will be performed in class.
Break times as per school regulation.
Final Project due in the next class.
Final Exams will be held in the next class.

3 Learning Objective
Describe the qualifications, ethics, and certification organizations for information technology (IT) auditors.

4 Key Concepts
Significance of IT auditing career pursuits
Professional ethics and integrity of IT auditors
Codes of conduct for IT auditors
Acceptable use policy (AUP) between employee and employer
Certification process and accreditation for IT auditing

5 EXPLORE: CONCEPTS

6 Qualifications and Ethics for IT Auditors
Auditors have an important duty to evaluate organizational controls. IT auditors need to practice strong ethical behavior and demonstrate integrity and objectivity.

7 Certification for IT Auditors
Certification programs are available that are more aligned to information-system auditing and assurance. Nearly all organizations that provide IT-auditing services have their own codes of conduct and ethical standards.

8 Certification for IT Auditors (Continued)
Professional organizations for IT auditors, such as the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors (IIA), also have codes of ethics.

9 Codes of Conduct for IT Auditors
The IIA code of ethics has four principles:
Integrity—Honesty and standing firm to moral obligations help to establish trust. This is critical as organizations rely on auditors for their professional judgment.

10 Codes of Conduct for IT Auditors (Continued)
Objectivity—Auditors need to make a fair assessment of activities and processes being examined without being unjustifiably influenced by their own or others’ interests.

11 Codes of Conduct for IT Auditors (Continued)
Confidentiality—Like therapists who are privy to the personal details of their clients, auditors are entrusted with access to valuable information about their client organizations. This information should not be disclosed without proper authority or other legal obligation.

12 Codes of Conduct for IT Auditors (Continued)
Competency—Auditors are successful in their duties by applying their knowledge, skills, and experience to their work.

13 Separation of Employer and Employee
Companies listed on public stock exchanges are, in many cases, required to adopt a code of conduct.

14 Separation of Employer and Employee (Continued)
Requirements aside, a code of conduct provides organizations with the following benefits: First, it enhances the organization’s values and beliefs, and it helps establish a strong culture based on the vision and mission of the organization. Next, a well-implemented code of conduct will build respect as well as enhance the organization’s reputation. Finally, it will help guide the organization and its people away from unethical and illegal behavior.

15 Separation of Employer and Employee (Continued)
All employees, including auditors, are expected to comply with their organization’s code of conduct. Auditors, however, are also responsible for verifying and testing their clients’ codes of conduct.

16 Certification for IT Auditors
The following certification streams are available in the auditing field:
IIA—Perhaps the oldest and established in 1941
Certified Internal Auditor (CIA) certification
Certification in Control Self-Assessment (CCSA)
Certified Government Auditing Professional (CGAP) certification

17 Certification for IT Auditors (Continued)
Certified Financial Services Auditor (CFSA) certification
Certified Information Systems Auditor (CISA) certification
Certified Information Security Manager (CISM) certification
Certified in Risk and Information Systems Control (CRISC) certification

18 Certification for IT Auditors (Continued)
Certified in the Governance of Enterprise IT (CGEIT) certification
Global Information Assurance Certification (GIAC) (several designations)

19 EXPLORE: PROCESSES

20 Certification Process and Accreditation
Research various certifications available and become familiar with the process and requirements. Maintain certification once achieved.

21 EXPLORE: ROLES

22 Roles and Responsibilities
IT Auditors: Responsible for conducting information security or IT audits following all proper ethical and professional guidelines.
Senior Managers: Support the auditing process and provide funding for ongoing compliance-related assurance procedures.

23 Roles and Responsibilities (Continued)
IT Managers: Support the assurance efforts within the technology departments and provide inputs for compliance requirements.

24 EXPLORE: CONTEXTS

25 Codes of Conduct for IT Auditors Based on Organization Types
Auditors have the same codes of conduct no matter the organizational size or type. Auditors must follow codes of conduct that are produced within the organization while these very codes of conduct are actually audited by the same auditors. In an organization, auditors are considered as friends, and they help the organization to stay in compliance.

26 EXPLORE: RATIONALE

27 Need for Highest Professional Conduct
The IT-audit profession continues to grow and is supported by several professional organizations. IT auditors need to strongly adhere to ethical codes and be in constant pursuit of continued education.

28 Need for Highest Professional Conduct (Continued)
There are numerous educational opportunities for those just entering the profession or those looking for growth. Organizations such as the IIA and ISACA provide a tremendous amount of resources for the profession.

29 Significance of IT Auditing Career Pursuits
Practitioners within audit, IT, or a combination of both should strongly consider membership and take advantage of the educational and certification opportunities.

30 Summary
In this presentation, the following were covered:
Qualifications, ethics, certifications, and codes of conduct for IT auditors
Process of certification and accreditation for IT auditors
Importance of highest professional conduct for IT auditors

31 Unit 10 Assignment and Lab
Discussion 10.1 Acceptable Use Policy (AUP)
Lab 10.2 Professional Information Systems Security Certifications: Charting Your Career Path
Assignment 10.3 Codes of Conduct for Employees and IT Auditors

