Download presentation
Presentation is loading. Please wait.
Published byJosef Berg Modified over 5 years ago
1
Role of State Audit Bureau of Kuwait in promoting and audit of IT Security
2
Table of content: Definition and Importance. IT audit in SAB.
The objectives of INTOSAI in IT audit. What do we have in IT audit? (Our capabilities). Efforts of SAB related to IT Security Audit. How Auditors in The State Audit Bureau of Kuwait view the IT Security Audit. Main challenges within the audit of IT security. How to overcome challenges related to the audit of IT security.
4
The State Audit Bureau Of Kuwait
The “National Cyber Security Strategy for the State of Kuwait” is a response from Kuwaiti government due to the extent of threats and challenges of cyber risks against institutions and individuals. SAB has held the duty of overseeing the collection of State revenues and the settlement of its expenses within the limits of budget allocations in addition to sustaining the adequacy of the followed systems and procedures used to safeguard public funds and prevent any misuse.
5
Information Systems Security Audit (ISSA) Information Technology Audit
Definition Information Systems Security Audit (ISSA) “independent review and examination of system records, activities and related documents.” Information Technology Audit “the process of examining the implemented measures and systems that were designed to securely protect and safeguard information utilizing various forms of technology”
6
Importance Evaluating the flow of data within SAB Determining if the Auditee needs to work more on its IT security controls, policies, regulations or standards Ensuring that management is applying the governance structures currently in place to support effective oversight of IT security. Drawing managements’ attention to address residual risk exposure. Improving IT governance. Reducing risk, improving security and reinforcing controls.
7
Determining whether IT controls protect corporate assets.
IT Audit in SAB Examining and evaluating an organization's information technology infrastructure, policies and operations. Determining whether IT controls protect corporate assets. Ensuring data integrity and alignment with the business' overall goals. Examining the overall business and financial controls that involve information technology systems.
8
The objectives of INTOSAI in IT audit:
Implementing the triennial work plan, which consists of various goals and projects. Projects are selected after reviewing the needs of SAIs and the deliverables range from best practice guides to website related information and other audit material. It is the dedication and effort of individual SAIs that makes the WGITA work.
9
Audit of system development.
What do we have in IT audit? (Our capabilities): IT Pre-Audit Investigates technically the subject tender, commitment, agreement, or contract and verifies that the allocations of the funds in the budget allow for engagement . IT Post-Audit Controls review. Audit of system development. Audit of IT systems. Forensic audit. Security audits. Internal Audit Provide a reasonable assurance regarding the efficiency of performed processes within SAB Performance Audit: examination of controls and business rules adopted by audited entity in the database management system.
10
What do we have in IT audit? (Our capabilities):
Information technology department quality management system CMMI-DEV L2. ISO 9001 CAATs: The Interactive Data Exploration and Analytics (IDEA) SAB’s working teams: Development projects teams. Standing committees and working groups. Temporary Working Teams.
11
Efforts of SAB related to IT Security Audit:
Training programs (Local, External). Formal Meetings with other SAIs (Local, External). Seminars and Conferences (Local, External). Workshops (Local, External). Field Visits to other SAIs. CAATs: Performance Audit: SAB’s working teams:
12
IT Audit Training:
13
IT Audit Training:
14
How Auditors in SAB view the IT Security Audit:
Auditing of the National Rationing System. Auditing of the Traffic Ticketing Information System. Auditing of the digital security environment of Kuwait authority for partnership projects. Evaluating the efficiency of automated systems in Kuwait Fund for Arab Economic Development with an emphasize on the security of the systems.
15
Results: Auditees have taken some corrective actions regarding the findings. Auditees have benefited from recommendations regarding creating and implementing new security procedures and policies. Audit finding have helped in revealing some hidden risks. Auditees were more encouraged to keep technology up-to-date.
16
Main challenges within the audit of IT security:
Auditees are not employing proper technologies in their work. Internal Audit is ignored. Employing new concepts within the audit process. Auditor experience vs. rapid change of technology. Lack of IT security controls. Staff shortage. Lack of experience.
17
How to overcome challenges related to the audit of IT security:
How to overcome challenges related to the audit of IT security: Strategic plan of SAB. Auditors’ continuous training in topics related to the Audit of IT security. Internal audit Technical support department IT audit team. Helping its auditors to focus on developing their technical skills and staying up-to-date on the latest technologies. Following Regular audits which also helps in improving the effectiveness of the auditor. Providing auditees with workshops and training courses related to IT and IT security Hiring qualified and skilled staff including auditors.
18
Thank you!
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.