Presentation is loading. Please wait.

Presentation is loading. Please wait.

Role of State Audit Bureau of Kuwait in promoting and audit of IT Security  

Published byJosef Berg Modified over 4 years ago

Similar presentations

Presentation on theme: "Role of State Audit Bureau of Kuwait in promoting and audit of IT Security  "— Presentation transcript:

1 Role of State Audit Bureau of Kuwait in promoting and audit of IT Security

2 Table of content: Definition and Importance. IT audit in SAB.
The objectives of INTOSAI in IT audit. What do we have in IT audit? (Our capabilities). Efforts of SAB related to IT Security Audit. How Auditors in The State Audit Bureau of Kuwait view the IT Security Audit. Main challenges within the audit of IT security. How to overcome challenges related to the audit of IT security.

3

4 The State Audit Bureau Of Kuwait
The “National Cyber Security Strategy for the State of Kuwait” is a response from Kuwaiti government due to the extent of threats and challenges of cyber risks against institutions and individuals. SAB has held the duty of overseeing the collection of State revenues and the settlement of its expenses within the limits of budget allocations in addition to sustaining the adequacy of the followed systems and procedures used to safeguard public funds and prevent any misuse.

5 Information Systems Security Audit (ISSA) Information Technology Audit
Definition Information Systems Security Audit (ISSA) “independent review and examination of system records, activities and related documents.” Information Technology Audit “the process of examining the implemented measures and systems that were designed to securely protect and safeguard information utilizing various forms of technology”

6 Importance Evaluating the flow of data within SAB Determining if the Auditee needs to work more on its IT security controls, policies, regulations or standards Ensuring that management is applying the governance structures currently in place to support effective oversight of IT security. Drawing managements’ attention to address residual risk exposure. Improving IT governance. Reducing risk, improving security and reinforcing controls.

7 Determining whether IT controls protect corporate assets.
IT Audit in SAB Examining and evaluating an organization's information technology infrastructure, policies and operations. Determining whether IT controls protect corporate assets. Ensuring data integrity and alignment with the business' overall goals. Examining the overall business and financial controls that involve information technology systems.

8 The objectives of INTOSAI in IT audit:
Implementing the triennial work plan, which consists of various goals and projects. Projects are selected after reviewing the needs of SAIs and the deliverables range from best practice guides to website related information and other audit material. It is the dedication and effort of individual SAIs that makes the WGITA work.

9 Audit of system development.
What do we have in IT audit? (Our capabilities): IT Pre-Audit Investigates technically the subject tender, commitment, agreement, or contract and verifies that the allocations of the funds in the budget allow for engagement . IT Post-Audit Controls review. Audit of system development. Audit of IT systems. Forensic audit. Security audits. Internal Audit Provide a reasonable assurance regarding the efficiency of performed processes within SAB Performance Audit: examination of controls and business rules adopted by audited entity in the database management system.

10 What do we have in IT audit? (Our capabilities):
Information technology department quality management system CMMI-DEV L2. ISO 9001 CAATs: The Interactive Data Exploration and Analytics (IDEA) SAB’s working teams: Development projects teams. Standing committees and working groups. Temporary Working Teams.

11 Efforts of SAB related to IT Security Audit:
Training programs (Local, External). Formal Meetings with other SAIs (Local, External). Seminars and Conferences (Local, External). Workshops (Local, External). Field Visits to other SAIs. CAATs: Performance Audit: SAB’s working teams:

12 IT Audit Training:

13 IT Audit Training:

14 How Auditors in SAB view the IT Security Audit:
Auditing of the National Rationing System. Auditing of the Traffic Ticketing Information System. Auditing of the digital security environment of Kuwait authority for partnership projects. Evaluating the efficiency of automated systems in Kuwait Fund for Arab Economic Development with an emphasize on the security of the systems.

15 Results: Auditees have taken some corrective actions regarding the findings. Auditees have benefited from recommendations regarding creating and implementing new security procedures and policies. Audit finding have helped in revealing some hidden risks. Auditees were more encouraged to keep technology up-to-date.

16 Main challenges within the audit of IT security:
Auditees are not employing proper technologies in their work. Internal Audit is ignored. Employing new concepts within the audit process. Auditor experience vs. rapid change of technology. Lack of IT security controls. Staff shortage. Lack of experience.

17 How to overcome challenges related to the audit of IT security:
How to overcome challenges related to the audit of IT security: Strategic plan of SAB. Auditors’ continuous training in topics related to the Audit of IT security. Internal audit Technical support department IT audit team. Helping its auditors to focus on developing their technical skills and staying up-to-date on the latest technologies. Following Regular audits which also helps in improving the effectiveness of the auditor. Providing auditees with workshops and training courses related to IT and IT security Hiring qualified and skilled staff including auditors.

18 Thank you!

Download ppt "Role of State Audit Bureau of Kuwait in promoting and audit of IT Security  "

Similar presentations

Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.

Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)

STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)
The Challenges for Ensuring Transparency and Accountability in specific Areas of Public Financial Management presented by Mr.Abdluaziz Yousef Al-Adsani.

The Challenges for Ensuring Transparency and Accountability in specific Areas of Public Financial Management presented by Mr.Abdluaziz Yousef Al-Adsani.
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Internal Control.

Internal Control.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.
Purpose of the Standards

Purpose of the Standards
ZHRC/HTI Financial Management Training Session 1: Financial Management Overview.

ZHRC/HTI Financial Management Training Session 1: Financial Management Overview.
Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.

Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.
Minnesota’s Internal Control Initiative National Association of State Comptrollers March 25, 2011 Speaker Jeanine Kuwik, MBA, CPA, CISA Director of Internal.

Minnesota’s Internal Control Initiative National Association of State Comptrollers March 25, 2011 Speaker Jeanine Kuwik, MBA, CPA, CISA Director of Internal.
Central Piedmont Community College Internal Audit.

Central Piedmont Community College Internal Audit.
1-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

1-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Audit objectives, Planning The Audit

Audit objectives, Planning The Audit
November 27, 2007Pebble Project Agency Meetings Pebble Project Data Management Data Management Responsibilities Ensure complete and accurate field and.

November 27, 2007Pebble Project Agency Meetings Pebble Project Data Management Data Management Responsibilities Ensure complete and accurate field and.

Similar presentations

Ads by Google