Levels of IT audit implementation in Bosnia and Herzegovina

Master's thesis on the topic of "Levels of IT audit implementation in Bosnia and Herzegovina"


Levels of IT audit implementation in Bosnia and Herzegovina

  1. Master Thesis Presentation: Levels of IT audit implementation in Bosnia and Herzegovina
     Student: Nermin Ćatović
     Supervisor: Ing. Pavel Čech, Ph.D.
  2. IT auditing is the evaluation of IT, practices and operations to assure the integrity of an entity’s information. Such evaluation can include assessment of the efficiency, effectiveness, and economy of computer-based practices.
     - Derived as an enhancement / support to financial auditing
     - Today – important role in modern business
  3. Background
     - Early stages of development in Bosnia and Herzegovina
     - Chances of huge impact on profession
     - No ISACA Chapter formed – only 24 registered members
     - EU integrations will require introduction of legislations
     - Two legislations in 2012 which change future of IT auditing (another two in preparation!):
       - Decision of Minimum Standards of Information System Management
       - Decision on Minimum Standards of Externalization/Outsourcing
  4. Goals and objectives
     - Determine and confirm needs for legal legislations
     - Awakening of consciousness about IT auditing
     - Determine levels of international standard and framework implementation so far
     - Awareness of companies
     - Needs to control and monitor processes are critical to business development
  5. Hypothesis
     Growing awareness on the evaluation of information technologies to support modern business and objectives in Bosnia and Herzegovina is changing. This opinion and awareness requires implementation of international standards and frameworks related to control and auditing, risk management, performance measures through adoption of legislatures which are necessary to establish higher level of decision making in management.
     Research will try to prove positive changes and evolution of information technology auditing compared to previous years.
  6. Research
     - February 2012 (opened for 1 month)
     - Email list based on previous contacts and use of LinkedIn group – IT revizija
     - Aimed focus group of 37 people
     - 25 fully filled surveys (67% of aimed number)
     - Easy-to-use filling form on www.itrevizija.ba
  7. Research concept was based on 6 parts which include 28 questions:
       – Profile
       – Company IT profile
       – Significance and benefits of information technology
       – IT problems and potential solutions
       – Awareness and usage of IT Governance frameworks
       – Awareness and usage of CobiT
     - Results which prove hypothesis will be shown
     - Comparison to similar research from 2009
  8. Question P1.1: Please indicate position within the organization?
     Internal Auditors, IT security officer, Internal IT auditors, Head of IT department, Auditor, Deputy CEO, IT Supervisor, Project Manager, Assistant IT auditor, CSO, CIO, IT Department Director, IT Project manager, Assistant Professor
     Question P1.3: Please indicate which group does your company belong to.
     [Pie chart P1.3. Legend: Limited Liability Company (d.o.o. BiH); Financial Institution; Corporation (joint-stock); Public institution or company; Nonprofit organization; Budget user. Percentages shown (not matched to categories): 20%, 20%, 0%, 4%, 12%, 44%]
  9. Question P3.2: How strongly would you agree or disagree that IT investments have created value for your organization?
     * proof how IT gives out additional, competitive value
     [Pie chart P3.2. Legend: Absolutely agree; Agree; Partly agree; Strong disagree; I don't know. Percentages shown (not matched to categories): 0%, 0%, 12%, 16%, 72%]
  10. Question P3.4: Of these, which is the most important item in the management of IT activities of your organization?
     [Pie chart P3.4. Legend: Avoidance of negative incidents; Ensuring that the current IT functionality is in compliance with current business needs; Achieving a better balance between innovation and risk avoidance; Alignment with business and/or legal regulations; I don't know. Percentages shown (not matched to categories): 0%, 0%, 8%, 4%, 16%, 72%]
  11. Question P3.7: To what extent does your IT department support the business needs?
     [Pie chart P3.7. Legend: Does not support at all; Does not support enough; Supports up to some limit; Extremely supports; I don't know. Percentages shown (not matched to categories): 0%, 0%, 4%, 32%, 64%]
  12. Comparison to 2009 research
     - basis in similar research from 2009
     - clear goal of proving hypothesis and positive changes
     - MSc. Amra Alagid currently works at Federal Banking Agency (B&H)
     - best way of determining changes
     - questions that show difference
  13. Question P2.4: How would you describe Management's level of involvement in IT governance?
     [Two pie charts, 2012 and 2009. Legend: Low level of engagement; Are informed, but not included; Participate in decision making; Key people in decision making; Fully involved; I don't know. Percentages shown (not matched to year or category): 0%, 8%, 8%, 8%, 9%, 17%, 20%, 22%, 17%, 35%, 56%]
  14. Question P3.8: How would you describe the fit or alignment between your IT strategy and your organization’s overall business strategy?
     [Two pie charts, 2012 and 2009. Legend: Very poor; Poor; Average; Good; Very good; I don't know; We don't have IT strategy. Percentages shown (not matched to year or category): 0%, 0%, 0%, 4%, 4%, 9%, 4%, 17%, 20%, 31%, 44%, 39%, 28%]
  15. Question P5.2: Have you implemented, are you in the process of implementing or are you considering implementing improved IT governance practices?
     [Two pie charts, 2012 and 2009. Legend: Not considering implementation; Considering implementation; In the process of implementing; Have implemented; I don't know. Percentages shown (not matched to year or category): 4%, 13%, 11%, 28%, 25%, 12%, 28%, 33%, 46%]
  16. Question P5.3: What solutions/frameworks do you use, are you considering using or not using?
     - 2012 ISO security standards – 55% using, 25% considering implementing
     - 2009 ISO security standards – 17% implemented
     - 2012 COBIT framework – 56,5% using, 13% consider implementing
     - 2009 (4th place) COBIT framework – 11% implemented
     Interesting data obtained is that 38% of respondents are mostly interested and considering implementation of Val IT, but only 9.5% of them are using it which is nearly the same number as from 2009 (9%).
  17. Question P6.2: Are you personally aware of the contents of COBIT?
     [Two pie charts, 2012 and 2009. Legend: Yes; No; I don't know. Percentages shown (not matched to year or category): 9%, 4%, 25%, 75%, 87%]
  18. Research results - conclusions
     - Research that was conducted on the territory of Bosnia and Herzegovina has shown satisfactory conditions
     - Respondents consider IT generally important for their business
     - Follow practices of developed countries
     - Implementation of good practices through intensive cooperation of internal and external auditors.
     - Reducing risk of information technology --> advise management about practices of strategic approach
     - Strategic development plan --> strategic plan for implementation of IT
     - Shows how much management cares about establishment of effective systems of internal controls
  19. CobiT & problems?
     - Small amount of developed IT organizations mature enough to implement
     - Areas of banking and financial activities
     - Insufficient institutionalized encouragement
     - COBIT framework must be adapted to use in each individual organization (if we are using it to improve processes)
     - Change in mindset, orientation and training of organization and its employees
     - "community of auditors"
  20. Improvements & suggestions
     - Not perfect but clear improvements can be seen
     - Increase popularity of www.itrevizija.ba
     - Training, on-line educations, consultant lectures, presentations, case studies, etc.
     - Benefits of organizing first IT auditing conference
     - Clearer understanding of risk, development of audit programs
     - Promotion of the frameworks within auditing community
     - Experiences and examples from similar countries and European Union
  21. Publication
     - Research document prepared for all interested individuals
     - Free publication available on www.itrevizija.ba
     - Extremely positive comments from leading experts so far
     - Possibility of publishing results and publication by Institute of Internal Auditors (IIA BiH)
     - Invitation to write 2-3 part article about IT auditing with research results in leading accounting and auditing magazine „Porezni savjetnik“ – Tax advisor
  22. Thank you for attention! Nermin Ćatović
  23. Reviewer’s questions: Other questions?
  24. Question 1: What do you think is the most interesting result from your survey from the B&H IT industry point of view? Support it with some sound arguments.
     Question 2. Was the number of completely filled surveys high enough for achieving some sound statistical results?
  25. Question P5.4: How important is IT risk management to your organization?
     [Two pie charts, 2012 and 2009. Legend: Not important at all; Not very important; Not sure; Somewhat important; Very important; I don't know. Percentages shown (not matched to year or category): 0%, 4%, 4%, 4%, 14%, 5%, 20%, 48%, 9%, 24%, 68%]
  26. Question 1: What do you think is the most interesting result from your survey from the B&H IT industry point of view? Support it with some sound arguments.
     According to a 2009 survey of 280 audit committee members conducted by KPMG in conjunction with the National Association of Corporate Directors, IT risk is a key area of concern.
     Banking sector – huge risks (cyber attacks) – constant increase
     - Lack of legislations – REDUCING RISK takes an essential role
     - Realization that IT risk management is crucial in protecting their assets
     - Corporate risk management – clearly part of internal controls
     - Provides guidance to help executives and management ask the key questions, make better, more informed risk-adjusted decisions and guide their enterprises so risk is managed effectively
     - Helps save time, cost and effort with tools to address business risks
  27. Question 2. Was the number of completely filled surveys high enough for achieving some sound statistical results?
     - Undeveloped IT community
     - Basic statistical data
     - 2009 research 27 filled questionnaires | 2012 research 25 filled
     - Physical presence and deep networking abilities crucial for obtaining data
     - Professional encouragement from experts
     - Advices of how to improve future version of research – EMPHASIS on larger group of experts and individual question relationships (multivariable statistical analysis)
     - Personal opinion – IT CAN/MUST BE IMPROVED
     - "Research V2" - extensive research on this topic (from inside industry / profession)
