Information System Architecture and Audit Control Lecture 2

581 views

Published on

Information System Architecture and Audit Control

Published in: Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
581
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
40
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Information System Architecture and Audit Control Lecture 2

  1. 1. Information System Audit and Control Lecture No 2
  2. 2. IS Audit Resource Management • The IS technology is constantly changing. • The IS Auditors maintain their competency through updates of existing skills and obtaining trainings of new audit techniques. • The IS auditor should be technically sound and should maintain technical competence through continuing professional education.
  3. 3. IS Audit Resource Management (Cont’d) • A detailed staff training plan should be drawn based on technology and risk issues of an organization. • The trainings should be arranged at least semiannually. • The IS audit management provides necessary IT resources needed to perform IS audits of a highly specialized nature (e.g software scanners for network intrusion tests).
  4. 4. Audit Planning • Short term planning – Takes into account audit issues that will be covered during the year. • Long term planning – Takes into consideration risk-related issues which may affect the organization’s IT environment. • The planning of future audit activities should be reviewed by senior audit management and approved by audit committee.
  5. 5. Audit Planning (Con’d) • During audit planning, the IS auditor must have an understanding of the overall environment under review. – Various business practices and functions – Types of information systems – Supporting technology • The IS Auditor should: – Gain an understanding of business’s objectives – Information and processing requirements
  6. 6. Audit Planning (Con’d) – Identify policies, standards and guidelines – Perform risk analysis – Conduct IS control review – Set audit scope and audit objectives – Develop audit approach or audit strategy • Identifying available audit resources and assigning appropriate tasks.
  7. 7. Audit Planning (Con’d) – Identify policies, standards and guidelines – Perform risk analysis – Conduct IS control review – Set audit scope and audit objectives – Develop audit approach or audit strategy • Identifying available audit resources and assigning appropriate tasks.

×