Presentation is loading. Please wait.

Presentation is loading. Please wait.

OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING NORHAFIZAH BINTI ABDUL MUDALIP 221601 YAP YONG TECK 228407 TAN YUAN JUE 226491 TAY QIU JIE 227495 GROUP MEMBER:

Published byChester Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING NORHAFIZAH BINTI ABDUL MUDALIP 221601 YAP YONG TECK 228407 TAN YUAN JUE 226491 TAY QIU JIE 227495 GROUP MEMBER:"— Presentation transcript:

1 OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING NORHAFIZAH BINTI ABDUL MUDALIP 221601 YAP YONG TECK 228407 TAN YUAN JUE 226491 TAY QIU JIE 227495 GROUP MEMBER:

2 Data integrity Support traditional audit Goals achieved effectively Law & regulation Safeguards assets

3 Q : What is the demand for IT/IS audit professionals? A : It is increasing. According to CNN Money, IT audit is one of the fastest-growing professions, with 22 percent to 30 percent growth estimated for 2008- 2018. Organizations are looking for IT audit professionals to assess and recommend ways to mitigate the impacts of today’s technology risks.

4 Accounting scandals in recent years point to a need for more monitoring and oversight. So, as IT is becoming more complex and pervasive, the need for auditing is also on the rise. Thus, IT auditors are going to be in demand. The growth in information technology capabilities and the effects of the Sarbanes-Oxley Act and other legislation are driving demand for information technology auditors in public, private, non¬profit and government sectors. Graduates may find jobs as information systems auditors or risk managers in the Big 4 accounting firms, risk management consultants in financial services industries.

5

6 IT Governance - reviews of the organization’s fiduciary responsibility in satisfying the quality of IT delivery services while aligning with the business objectives and establishing an adequate system of internal controls. Information Systems - focus on security controls of physical and logical security of the server including administration of server accounts, system logging and monitoring, and system backup. Integrated Audits - reviews of the business operations and their dependency of automated systems to support the business process. From the technology perspective, the audit focuses on application controls, administration of user access, application change control and backup and recovery to assure reliability, integrity and availability of the data. Control Self-assessments - Control Self-assessments are designed for department that manages and operates a technology environment. These self-assessment tools can be used to identify potential areas of control weakness in the management of the technology environment. Compliance - Compliance audits include Payment Card Industry(PCI), the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable laws and regulations.

7 Systems and Applications. To verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity. Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions. Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards Management of IT and Enterprise Architecture: To verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for Information Processing. Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunication controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

8 Technological innovation process audit. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure. Innovative comparison audit. This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors.This requires examination of company's research and development facilities, as well as its track record in actually producing new products. Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

9

10  Analyzes and interprets many different types of computer or information systems within a company or organization  Developing and maintaining a company’s information systems  Maintains and develops computerized audit software

11  Prepare and presents written and oral reports and other technical information management  Follow up on audit findings to ensure that management has taken corrective action  Ensure there is no fraudulent activity, unnecessary spending, or non compliance with the laws and regulations

12 ISACAISACA Certifications Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)

13

Download ppt "OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING NORHAFIZAH BINTI ABDUL MUDALIP 221601 YAP YONG TECK 228407 TAN YUAN JUE 226491 TAY QIU JIE 227495 GROUP MEMBER:"

Similar presentations

VALUE OF INTERNAL AUDITING: ASSURANCE, INSIGHT, OBJECTIVITY A PRESENTATION TO STAKEHOLDERS ABOUT THE VALUE OF INTERNAL AUDITING.

VALUE OF INTERNAL AUDITING: ASSURANCE, INSIGHT, OBJECTIVITY A PRESENTATION TO STAKEHOLDERS ABOUT THE VALUE OF INTERNAL AUDITING.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Control and Accounting Information Systems

Control and Accounting Information Systems
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
Security and Personnel

Security and Personnel
Internal Control.

Internal Control.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
The Islamic University of Gaza

The Islamic University of Gaza
Security Controls – What Works

Security Controls – What Works
1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.
ISS IT Assessment Framework

ISS IT Assessment Framework
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
1 Sarbanes-Oxley IT Audits. 2 Sarbanes-Oxley 2002 Recommended “audit firms place a high priority on enhancing the overall effectiveness of auditors’ work.

1 Sarbanes-Oxley IT Audits. 2 Sarbanes-Oxley 2002 Recommended “audit firms place a high priority on enhancing the overall effectiveness of auditors’ work.
Operational Auditing--Fall 2009 1 Operational Auditing Fall 2009 Professor Bill O’Brien.

Operational Auditing--Fall Operational Auditing Fall 2009 Professor Bill O’Brien.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
MIS350 Accounting Information Systems Course Context.

MIS350 Accounting Information Systems Course Context.
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
1 Pertemuan 9 Department Organization Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 9 Department Organization Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

Similar presentations

Ads by Google