Overview of IT Auditing

1 Overview of IT Auditing
Audit TSI Overview of IT Auditing

2 IT Audit IT Auditing Concept

3 IT Audit: Concept IT Auditing Audit IT

4 IT Audit: Concept
GOAL: The internal audit department is to promote internal controls and to help the company develop cost-effective solutions for addressing issues.

5 IT Audit: Concept Merely reporting issues accomplishes nothing, except to make people look bad, get them fired, and create hatred of auditors. The real value comes when issues are addressed and problems are solved. In other words, reporting the issues is a means to an end. The end result improves the state of internal controls at the company. Reporting them provides a mechanism by which the issues are brought to light and can therefore receive the resources and attention needed to fix them.

6 IT Audit: Concept
In summary, the internal audit department’s mission is twofold:
To provide independent assurance to the audit committee (and senior management) that internal controls are in place at the company and are functioning effectively.
To improve the state of internal controls at the company by promoting internal controls and by helping the company identify control weaknesses and develop cost-effective solutions for addressing those weaknesses.

7 IT Audit: Concept
The term "internal controls" is used frequently throughout this chapter. Stated in the simplest terms, internal controls are mechanisms that ensure the proper functioning of processes within the company. Every system and process exists for some specific business purpose. The auditor must look for risks that could impact the accomplishment of those purposes and then ensure that internal controls are in place to mitigate those risks.

8 IT Audit: Concept
INDEPENDENT? As an auditor, you work for the company and report to its management; therefore, you are not independent.

9 IT Audit: Concept

10 Consulting and Early Involvement
Many auditors are terrified when they are asked for a pre-implementation opinion. What if they give bad advice? Then they are as responsible for the control failure as the IT folks who implemented the system. Surely it’s better to say nothing and let the IT people “sink or swim” on developing controls, right? The auditors always can audit them later and tell them where they screwed up. Auditors need to be willing to step up to the plate and provide input. Whether you provide an opinion before implementation or after, you still should be providing essentially the same input.

11 Consulting and Early Involvement
When it comes to working with teams before implementation, some lines shouldn’t be crossed. The auditor should not be afraid to brainstorm with the team about how the controls should work. However, this should not include actually executing the control, writing the code for implementing it, or configuring the system. You can’t both own the control and audit it, but you should feel comfortable providing as much input as possible regarding what the control should look like.

12 Four Methods for Consulting and Early Involvement
Early involvement “Once you’ve created a system, tested it, and implemented it, it is much more expensive to go back and change it than if you had done it right the first time.”

13 Four Methods for Consulting and Early Involvement
Informal Audit “Tell the people you’re auditing that you don’t intend to track the issues coming out of the review but that if you find a major issue, you’ll have to make an exception.”

14 Four Methods for Consulting and Early Involvement
Knowledge Sharing “One of the easiest communication vehicles should be the company’s intranet. The internal audit department should have its own website.”
Control Guidelines
Common Issues, Best Practices, and Innovative Solutions
Tools

15 Four Methods for Consulting and Early Involvement
Self-Assessments “It is up to each audit department to determine whether it wants to implement a control self-assessment (CSA) model formally.”

16 The Role of the IT Audit Team

17 The Role of the IT Audit Team
Data center facilities: This, quite simply, is the physical building and data center housing the computer equipment on which the system in question resides.
Networks: This allows other systems and users to communicate with the system in question when they do not have physical access to it. This layer includes basic networking devices such as firewalls, switches, and routers.
System platform: This provides the basic operating environment on which the higher level application runs. Examples are operating systems such as Unix, Linux, and Windows.

18 The Role of the IT Audit Team
Databases: This tool organizes and provides access to the data being run by the end application.
Applications: This is the end application, which actually is seen and accessed by the end user. This could be an enterprise resource planning (ERP) application providing basic business functions, an application, or a system that allows conference rooms to be scheduled.

19 The Role of the IT Audit Team
Application Auditors: application layers
Data Extraction and Analysis Specialists: pulling data and analyzing it -> experts at data extraction and analysis tools
IT Auditors: database layer and below

20 IT Audit: Concept Summary
The real mission of the internal audit department is to help improve the state of internal controls at the company. Internal auditors are not truly independent, but they should be objective. It is important to find ways to accomplish the department’s mission outside of formal audits. Early involvement, informal audits, knowledge sharing, and self-assessments are four important tools in this regard. Building and maintaining good relationships with the IT organization are critical elements of the IT audit team’s success.

21 IT Audit: Concept Summary
The most effective IT audit teams ensure that every layer of the stack is covered, not just the application layer. Successful IT audit teams generally will consist of a combination of career auditors and IT professionals. It is critical to develop methods for maintaining the technical expertise of the IT audit team. A healthy relationship should be developed with external IT auditors.

22 IT Audit Process & Technique

23 IT Audit: Process
Planning
Fieldwork and documentation
Issue discovery and validation
Solution development
Report drafting and issuance
Issue tracking

24 IT Audit: Techniques

25 IT Audit Regulation

26 IT Audit: Regulation As information technology (IT) matured during the late twentieth century, the IT department within each organization typically developed its own methods for managing operations. Eventually, frameworks and standards emerged to provide guidelines for the management and evaluation of IT processes.

27 IT Audit: Regulation
Committee of Sponsoring Organizations (COSO)
Control Objectives for Information and Related Technology (COBIT)
IT Infrastructure Library (ITIL)
ISO 27001
National Security Agency (NSA) INFOSEC Assessment Methodology
Frameworks and standards trends

