
If you do not want to help yourself, no one can help you. IT auditing as a profession at 4th MASIT Open Days, Skopje, 28th of September.


1 IT auditing as a profession at 4th MASIT Open Days, Skopje, 28th of September 2007
Presenter: Jasmina Trajkovski, CISA, TRAJKOVSKI & PARTNERS CONSULTING

2 Agenda
Financial vs Information Technology Audit
Overview of IT Audit
How to become an IT Auditor
Certification options for IT Auditors
Information Systems Auditing and Control Content Areas

3 What is Audit?
Definition of Financial Audit: "An official examination of accounts to see that they are in order" – the Oxford Dictionary. An independent assessment of / opinion on how well (or badly) the financial statements were prepared.
Definition of Information Technology Audit: "a review of the controls within an entity's technology infrastructure" – Wikipedia. An official examination of IT-related processes to see that they are in order.

4 Information Technology Audit
Development
Pre-implementation
Post-implementation (systems in live use)
Installation (operating systems)
E-applications (internet-related systems)
IT Project Management
Sarbanes-Oxley Act (SOX)

5 IT Controls Objectives
Confidentiality – Information is observed by or disclosed to only those who have a right to know
Integrity – Protecting information from unauthorized, unanticipated or unintentional modification and destruction
Availability – Providing information on a timely basis whenever it is needed to meet business requirements or to avoid substantial losses
Non-Repudiation – The sender of a message cannot deny the validity of the result of the process used to authenticate the data

6 How to become an IT Auditor?
Academic background: Computer Science, IT, Accounting, Business, Economics, etc.
On-the-job training
Professional Qualification in IT auditing or Certification
–Certified Information Systems Auditor (CISA): Information Systems Audit and Control Association – ISACA (www.isaca.org)
–General Audit Certification – Certified Internal Auditor (CIA): The Institute of Internal Auditors (www.theiaa.org)

7 Clarification on certification
"certification" = "professional qualification"
Meaning:
–recognition by a professional body that an individual has achieved a certain standard in his or her profession, whether through achievement or examination.
There is no formal requirement for any form of certification, or even an educational standard, for IT auditors
–Source: Institute of Internal Auditors, www.theiaa.org

8 Clarification on certification – cont.
A certification often only measures an individual's ability to pass an examination at a specific point in time. It does not:
–provide any form of assurance about an individual's ability to do the job,
–measure an individual's current state of knowledge, unless continuing professional development is part of the certification.

9 Why certification for IT Auditors?
Provides good professional training.
Indicates to employers that an IT auditor has a specific level of knowledge.
Shows commitment to the profession on the part of the IT auditor.
Indicates that the IT auditor will adhere to a recognized standard of work and adopt professional ethics.

10 Certified Information Systems Auditor – CISA
Issued by: Information Systems Audit and Control Association (ISACA), www.isaca.org
The only globally recognized IT audit certification (source: The Institute of Internal Auditors)
25+ years of existence with 50,000 CISAs
Requirements:
–Acquire five years of IT audit, security or control experience
–Pass a rigorous exam
–Comply with annual requirements for continuing professional education

11 "No enterprise can surpass the abilities and talents of its employees. The world of technology is ever-changing, and I need to know that my employees are prepared to face such challenges. The CISA designation is an excellent indicator of proficiency in technology controls." – Marios Damianides, CISA, CISM, Partner, Ernst and Young LLP, USA
US Department of Defense (DoD) – for information assurance personnel

12 IS Auditing and Control job processes / content areas (1 of 4)
1. The IS Audit Process
–Conduct IS audits in accordance with generally accepted IS audit standards and guidelines to ensure that the organization's information technology and business systems are adequately controlled, monitored and assessed.
2. Management, Planning and Organization of IS
–Evaluate the strategy, policies, standards, procedures and related practices for the management, planning, and organization of IS.

13 IS Auditing and Control job processes / content areas (2 of 4)
3. Technical Infrastructure and Operational Practices
–Evaluate the effectiveness and efficiency of the organization's implementation and ongoing management of technical and operational infrastructure to ensure that they adequately support the organization's business objectives.
4. Protection of Information Assets
–Evaluate the logical, environmental and IT infrastructure security to ensure that it satisfies the organization's business requirements for safeguarding information assets against unauthorized use, disclosure, modification, damage or loss.

14 IS Auditing and Control job processes / content areas (3 of 4)
5. Disaster Recovery and Business Continuity
–Evaluate the process for developing and maintaining documented, communicated and tested plans for continuity of business operations and IS processing in the event of a disruption.
6. Business Application System Development, Acquisition, Implementation and Maintenance
–Evaluate the methodology and processes by which business application system development, acquisition, implementation, and maintenance are undertaken to ensure that they meet the organization's business objectives.

15 IS Auditing and Control job processes / content areas (4 of 4)
7. Business Process Evaluation and Risk Management
–Evaluate business systems and processes to ensure that risks are managed in accordance with the organization's business objectives.

16 Questions and Further Information
Jasmina Trajkovski, CISA
Jasmina.Trajkovski@tpconsulting.com.mk
T&P Consulting, Skopje, Macedonia

