Name: Bibek Chaudhary
Type: Internship
Department: GRC and IS Audit
IS Audit
An IS audit is the process of collecting and examining evidence about how an organization manages the controls over its information systems, processes, and operations. By analyzing the evidence gathered during the audit, the IS audit process determines whether the components of the information systems that safeguard assets and ensure data integrity are operating effectively enough to fulfill the organization's overall goals and objectives. Audit reviews can be undertaken as part of a financial statement audit, an internal audit, or another type of attestation engagement.
An IS audit covers the following categories:
- Systems & Applications: A focus on an organization's systems and applications.
- Information Processing Facilities: Ensuring that IT procedures run smoothly, on time,
and accurately, regardless of the circumstances.
- System Development: Determining whether the systems under development comply
with the organization's standards.
- IT and Enterprise Architecture Management: Ensuring that IT management is
structured and that activities are carried out in a regulated and effective manner.
An IS audit involves auditing management, operational and technical controls.
Importance of IS Audit to an Organization
Since 2019, the governments of many nations, including Nepal, have made IS audits
mandatory for certain types of firms. When an institution conducts an IS audit, it can
examine the gaps and weaknesses in its information systems, identify potential sources of
threats, assess misuse of information, and identify high-risk elements.
The primary goal of an IS audit is to assist the organization's information system managers in
carrying out their jobs and responsibilities effectively in order to achieve the organization's
objectives, and to improve decision-making and the security of data and information.
The ability to trace one's data can also aid data recovery after an error has occurred.
Legalities in Nepal
The Nepal Rastra Bank's IT Policy and IT Guidelines (2012) govern IS audit regulations.
According to the guidelines, an organization must take the necessary steps to make its
employees, contractors, and consultants aware of the company's IS policy and to ensure that
they follow it, which can be accomplished through proper employment information, employee
agreements, policy awareness, and acknowledgment.
Organizations must also undertake risk assessments on a regular basis, at least once a year,
covering the technological operations that can have a significant influence on the
organization's business and reputation, and respond accordingly.
Major Focused Areas
- Governance and Management of IT
IT governance is a formal framework that gives organizations a mechanism to ensure that their
IT investments support their business goals and the needs of their stakeholders. Such
frameworks require periodic evaluation so that obsolete information does not expose the firm to
unwanted risks or noncompliance. We examine whether the IT strategy, IT-related frameworks, IT
standards, policies and procedures are being followed correctly by comparing them against
industry guidelines and best practices. These are critical because they direct the workforce
and ensure proper resource utilization.
- Information Systems Acquisition, Development and Implementation
This area covers how IT auditors provide assurance that the practices for the acquisition, development, testing,
and implementation of information systems meet the organization's strategies and objectives. We examine the business
case and feasibility analysis, test the system development methodologies, and ensure that the post-implementation
review is also carried out as it ought to be.
- Protection of Information Assets
Understanding the value of information assets is a key consideration for information systems
management. The scope includes the comprehensive inventory of mobile, wireless, and Internet-of-Things (IoT)
devices, computer equipment, phones, networks, email, data, and any access-related items such
as cards, tokens and passwords. This area of focus aims to provide assurance that the
confidentiality, integrity and availability of information assets are ensured by the enterprise's
security policies, standards, procedures and controls.
- Information Systems Operations & Business Resilience
Business resilience planning is a governance and risk management responsibility that
organizations must address to enable them to survive and thrive in an increasingly hostile
environment. It encompasses crisis management and business continuity plans for the various types
of risk that an organization may face, from cyber threats to natural disasters, and much else
besides. Business resilience also covers the ways an organization addresses the
consequences of incidents and its ability to adapt to the new environment
and circumstances following an incident. We examine the organization's business impact analysis,
business continuity plan, disaster recovery plans, data backup, storage and restoration, and
system resiliency, and conclude whether the organization has been able to overcome any
incidents that occurred.
- Audit Methodology
We follow ISACA guidelines for the audit along with best industry practices and incorporate
various IT frameworks, guidelines and standards such as COBIT 5, ISO 27001, the NIST Framework,
the NRB IT Guidelines, the NTA Cyber Byelaws, ITIL and PCI DSS wherever necessary. We have also
partnered with leading foreign-based cyber security companies to serve our valued clients
wherever expert resources are required.