Intro to IT Auditing
  • The problem with outsourcing: If the organization decides to outsource its internal audit function, it should carefully consider how this transition will happen. (The internal audit provider's goals may be to increase engagements and make money from the process, while the organization's objective is to assess internal control and risks.)
  • Widespread interest in GRC was sparked by the US Sarbanes-Oxley Act and the need for US-listed companies to design and implement suitable governance controls for SOX compliance, but the focus of GRC has since shifted towards adding business value through improving operational decision making and strategic planning. It therefore has relevance beyond the SOX world. Governance, Risk, and Compliance, or "GRC", is an increasingly recognized term that reflects a new way in which organizations are adopting an integrated approach to these aspects of their business. Automate the processes that the company uses, based on policy, to ensure compliance.
  • The scope of internal auditing has grown significantly, from finance to regulatory compliance to risk management to operations. The key today is for organizations to identify meaningful ways to use resources devoted to auditing and improving business performance and create more value for the organization. Internal auditors have been adopting GRC software that can easily link information about the company’s organization, efficiency, and risk profile with business process knowledge and how these processes relate to risk and control objectives.

Transcript

  • 1. Introduction to IT Auditing. Iyad Mourtada, CIA, CFE, CMA, CPLP, M.A.
  • 2. Information security remains a critical risk
  • 3. Information security remains a critical risk
  • 4. Understand New Risks
  • 5. Governance, Risk management and Compliance (GRC) “A system of people, processes and technology that enables an organization to understand and prioritize stakeholder expectations; set business objectives that are congruent with values and risks; achieve objectives while optimizing risk profile and protecting value; operate within legal, contractual, internal, social and ethical boundaries; provide relevant, reliable and timely information to appropriate stakeholders; and enable the measurement of the performance and effectiveness of the system.” Norman Marks
  • 6. Governance, Risk management and Compliance (GRC)
  • 7. Certified Information Systems Auditor (CISA)
  • 8. - More than 87,000 professionals in over 150 countries have earned the CISA designation since its inception in 1978. - Consistently ranked as one of the highest paying and sought-after IT certifications. - Considered a pre-requisite by many companies and governmental agencies. - Accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024, an international accreditation. - The U.S. Department of Defense (DoD) 8570.01-M “Information Assurance Workforce Improvement Program” manual named CISA certifications among those approved for DoD information assurance (IA) professionals.
  • 9. - More than 87,000 professionals in over 150 countries have earned the CISA designation since its inception in 1978. - Consistently ranked as one of the highest paying and sought-after IT certifications. - Considered a pre-requisite by many companies and governmental agencies. - Accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024, an international accreditation. - The U.S. Department of Defense (DoD) 8570.01-M “Information Assurance Workforce Improvement Program” manual named CISA certifications among those approved for DoD information assurance (IA) professionals.