Homologues Group Meeting Slovenia, October 2009. Republika Slovenija, European Union. Ljubljana, 12-13 October 2009. Introduction to IT audits PART II IT.


1 Introduction to IT audits PART II: IT Audit International Standards, Practices & Guidance
Ljubljana, 12-13 October 2009
Monique Garsoux, ISACA Chapter Vice-President

2 Introduction
The MIS has to be:
– Reliable
– Continuous
– Secure
– Efficient/effective
– Compliant
All authorities need an independent IT audit because:
– It is their responsibility
– They should have reports on the IT risks evaluation based on objective assessment criteria
– Their IT system should be effective

3 The association of IT auditors: ISACA
The IT audit is an internationally regulated profession.
– Founded in 1969 as the EDP Auditors Association (EDPAA)
– More than 86,000 members in 160 countries
– Members include internal & external auditors, Chief Information Officers, information security and control professionals and IT consultants
– More than 175 chapters worldwide
– 33 chapters in Europe

4 The IT Auditors team
– The IT auditor has to respect professional standards, certification, skills and expertise.
– The IT auditor should be qualified for the work.
– The IT auditor has frameworks and best practices as support for his work.

5 IT auditor has to be competent
Hold certifications:
– Certified Information Systems Auditor™ (CISA®)
– Certified Information Security Manager® (CISM®)
– Certified in the Governance of Enterprise IT® (CGEIT®)
Apply Standards and Frameworks:
– IS auditing standards, guidelines, procedures, IS control standards
– Frameworks to be used: CobiT & IT Assurance Guide and more…
Keep informed and trained:
– Conferences and education
– Information: K-NET®
– Publications

6 What the IT auditor does …
– A formal, independent and systematic assessment of the IT system, which must meet specific criteria (effectiveness, integrity, confidentiality, completeness, availability, compliance, reliability).
– He produces a written report on risks, weaknesses, findings and recommendations.
– He follows up on the action plans from the auditees.
– Code of Professional Ethics: guides the professional and personal conduct of IT Auditors (Independence and Objectivity; Reasonable Expectation; Management’s Acknowledgement; Training and Proficiency; Knowledge of the Subject Matter; Due Professional Care).

7 The steps of the work of the IT auditor

8 The IT auditor uses the Cobit Framework (Control Objectives for Information Technology)

9 Contents of IT audits
1. IT General Controls
The IT environment audit
Audited General Controls:
– Logical access controls over infrastructure, applications, and data.
– System development (analysis and programming).
– Program change controls.
– Data centre physical security controls.
– System and data backup and recovery controls.
– Computer operation controls.
[Figure labels: MIS Accounting Document ITGCs]

10 Contents of IT audits
IT application Audits.
In IT systems, controls are automated and designed to ensure the complete and accurate processing of data, from input through output. They ensure that only complete, accurate, authorized and valid data is entered, calculated, updated and produced in a computer system. This is verified by the IT Auditor.
[Figure labels: Input, Process, Output, Interfaces]

11 Example of the IT audit Framework
AC1 Source document preparation & authorisation
Example of tests from Cobit to be performed by the IT auditor

12 Reporting done by the IT Auditor
– Reports consist of a written text accompanied by detailed information.
– The report is organised in such a manner as to permit the reader to understand, in greater depth, the areas included in the scope of the report; the work performed; the findings obtained (audit opinion); and the issues, concerns, risks, etc., identified.
– The report is based on the findings and the recommendations, themselves substantiated by the tests and investigations performed.

13 References
– WWW.ISACA.ORG for Cobit, the Assurance Guide and the IT assurance framework (freely downloadable)
– WWW.ISACA.ORG for information on IT audit & training

14 Conclusion
IT audit is a mature and regulated profession with available tools and techniques from ISACA.

15 Thank you for your attention!
Email: M.Garsoux@QAP.EU
Tel: + 32 472739836

