The Status of IT Audit Education



  1. 1. Sam A. Hicks, PhD, Department of Accounting & Information Systems. Audit track at VA SCAN, Virginia Tech, October 6, 2008. The Status of IT Audit Education
  2. 2. What is Information Systems Audit
     What is an Audit
     • Auditing: Systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
     • Financial Statement Auditors – Established criteria is Generally Accepted Accounting Principles [GAAP]
     • Financial Statement Auditors – Must attest to the amounts on the financial statements; they cannot only attest to the system
  3. 3. An audit compares actual to standard – established criteria for IS Audit is COSO, COBIT, Basel II Accord, ITIL, and several ISO standards. Sarbanes Oxley requires that management attest to Internal Control over the accounting system, and auditors audit management’s assertions as to Internal Control. Again, standard for Internal Control is COSO, COBIT, Basel II Accord, ITIL, and several ISO standards.
  4. 4. IS Audit
     • A specialized audit focusing on the controls of the information systems of the entity.
     • Most frequently the IS Auditor is a part of the internal audit team.
     • As such, the IS Auditor is an integral part of the Design and Development of the system – reviews the system analysis and design of the system, the purchase or programming of the system, the installation, and the post-implementation review
  5. 5. IS Audit Security [Availability, Confidentiality and Integrity] of the system – access, back-up, separation of duties, training of users, documentation of system Change management Control of software Enhance operations with changes Do the tasks of the IS Auditor matter?
  6. 6. AICPA Top Ten IT Concerns

     | Ranking | 2008 | 2007 | 2006 | 2005 | 2004 |
     |---|---|---|---|---|---|
     | 1 | Information Security Management | Information Security Management | Information Security | Information Security | Information Security |
     | 2 | IT Governance | Identity and Access Management | Assurance and Compliance Applications | Electronic Document Management | Spam Technology |
     | 3 | Business Continuity Management (BCM) and Disaster Recovery Planning (DRP) | Conforming to Assurance and Compliance Standards | Disaster and Business Continuity Planning | Data Integration | Digital Optimization |

  7. 7. AICPA Top Ten IT Concerns

     | Ranking | 2008 | 2007 | 2006 | 2005 | 2004 |
     |---|---|---|---|---|---|
     | 4 | Privacy Management | Privacy Management | IT Governance | Spam Technology | Database and Application Integration |
     | 5 | Business Process Improvement (BPI), Workflow and Process Exception Alerts | Disaster Recovery Planning and Business Continuity Management | Privacy Management | Disaster Recovery | Wireless Technologies |
     | 6 | Identity and Access Management | IT Governance | Digital Identity and Authentication Technologies | Collaboration and Messaging Applications | Disaster Recovery |
     | 7 | Conforming to Assurance and Compliance Standards | Securing and Controlling Information Distribution | Wireless Technologies | Wireless Technologies | Data Mining |

  8. 8. AICPA Top Ten IT Concerns

     | Ranking | 2008 | 2007 | 2006 | 2005 | 2004 |
     |---|---|---|---|---|---|
     | 8 | Business Intelligence (BI) | Mobile and Remote Computing | Application and Data Integration | Authentication Technologies | Virtual Office |
     | 9 | Mobile and Remote Computing | Electronic Archiving and Data Retention | Paperless Digital Technologies | Storage Technologies | Business Exchange Technology |
     | 10 | Document, Forms, Content and Knowledge Management | Document, Content and Knowledge Management | Spyware Detection and Removal | Learning and Training Competency | Messaging Applications |
  9. 9. Public Company Accounting Oversight Board's (PCAOB)
     • Auditors who sign reports tend to be financial statement auditors with little knowledge of systems
     • PCAOB suggests that financial statement auditors have more IT education
     • Expressed concern of PCAOB Advisory Group
  10. 10. Department of Defense
      • In May 2006, required about 80,000 professionals in the area of Information Assurance Workforce to acquire one of 13 professional certifications.
      • Certified Information Systems Auditor [CISA] was one of the 13.
  11. 11. Certified Information Systems Auditor [CISA]
      • Pass the CISA Exam
      • Have IS Audit experience – 5 years
      • Abide by Code of Ethics
      • Continuing Professional Education
      • Follow IS Auditing Standards issued by ISACA
  12. 12. CISA Exam
      • 200 multiple choice questions
      • Topics
        • The IS Audit Process
        • IT Governance
        • Systems Life Cycle
        • IT Service Delivery and Support [Operations]
        • Security
        • Business Continuity and Disaster Recovery
  13. 13. Salary Info
      • Premium of 10 to 15% for certification
      • CISA, CISSP and CISM were among the highest
      • Certification Magazine’s 2007 Salary Survey report
      • CISM came in second at $115,720 – ISACA reports about 8,000 professionals world-wide have CISM
      • CISA came in fifth at $98,740 – ISACA reports about 55,000 professionals world-wide have CISA
  14. 14. So What
      • From this kind of information, demand for IS Auditors is strong.
      • Most of our students have multiple offers
      Yet
  15. 15. ISACA Student Members
      • Website reports that over 800 students have student memberships representing 200 schools
      • Thus only about 4 per school!
  16. 16. Students Graduating from ACIS
      Students graduating, 12-month period ending June 30

      | | Goal | 2008 | 2007 | 2006 | 2005 | 2004 |
      |---|---|---|---|---|---|---|
      | Accounting Option | 90 | 128 | 155 | 132 | 134 | 116 |
      | Systems Assurance Option [IS Audit] | 45 | 12 | 11 | 13 | 19 | 20 |
      | Systems Development Option | 40 | 5 | 4 | 15 | 13 | 19 |
      | Total Graduates | 175 | 145 | 170 | 160 | 166 | 155 |
  17. 17. Information Systems Audit and Control Association (ISACA) model curriculum
      • General Education and General Business
      • Three parts
        • Accounting
        • Systems
        • Auditing
  18. 18. ISACA model curriculum – Accounting
      • Accounting Principles I
      • Accounting Principles II
      • Intermediate Accounting I or Management Accounting
      • Process Control/Internal Control
      • Accounting Information Systems
  19. 19. ISACA model curriculum – Information Systems
      • Introduction to Computers
      • Computer Programming
      • Systems Analysis & Design
      • Data Base Management Systems
      • Computer-based Communication Networks
      • Management of Information Systems
  20. 20. ISACA model curriculum – Auditing
      • Internal Auditing I
      • Introduction to Information Systems Auditing/CAATs
      • Special Topics (e.g., IS Integrity and Confidentiality, Audit Ethics)
  21. 21. IS Audit at Virginia Tech Undergraduate
      • General Education – 50 Credits
      • General Business – 33 Credits
      • Accounting – 15 Credits
        • Intermediate 6
        • Cost 3
        • Tax 3
        • Accounting Systems and Controls 3
  22. 22. IS Audit at Virginia Tech Undergraduate
      • Information Systems – 12 Credits
        • Information Systems Development
        • Database Management Systems
        • Networks and Telecommunications in Business
        • Personal Computers in Business
  23. 23. IS Audit at Virginia Tech Undergraduate
      • Auditing – 9 Credits
        • Auditing Governance and Professional Ethics
        • Financial Statement Auditing
        • Information Systems Audit and Control
      • Electives – 6 Credits
  24. 24. What would you Change?
  25. 25. Alternative paths to IS Audit knowledge
      • Business Information Technology
      • Computer Science
      • Computer Engineering
  26. 26. Other Certifications
      • CFE Certified Fraud Examiner
      • CIA Certified Internal Auditor
      • CISSP Certification for Information System Security Professional
      • CNE Certified Novell Engineer
      • CPA Certified Public Accountant
      • CRP Certified Risk Professional
      • MCSE Microsoft Certified Systems Engineer
      • CISA Certified Information Systems Auditor
      • CITP Certified Information Technology Professional [from AICPA]
  27. 27. Additional Certifications
      • CCM Certified Cash Manager
      • CCSA Certification in Control Self Assessment
      • CCDA Cisco Certified Design Associate
      • CCNA Cisco Certified Network Administrator
      • CMA Certified Management Accountant
      • CFM Certified in Financial Management
      • SAPTA SAP Technical Auditor
      • CMC Certified Management Consultant
      • CFA Certified Financial Analyst
      • CBCP Certified Business Continuity Professional
      • CIDA Certified Investments & Derivatives
  28. 28. Why a certificate?
      • Connected to a professional group
      • Documents some level of knowledge
      • Recognition to you
      Parting Words
  29. 29. Advice From CIOs
      • Get uncomfortable
      • Be willing to admit to errors that you make – take responsibility
      • Go with your gut – listen, learn, then go with your instinct
      • Get dirty – be willing to try
      • Love it or Leave it – Life is too short to do what you do not love to do, move on and try something different
      • CIO January 29, 2008