SlideShare a Scribd company logo

Auditing information System

Download as PPTX, PDF
Dr. Rosemarie Sibbaluca-Guirre
Dr. Rosemarie Sibbaluca-Guirre

Auditing Internal auditing Information systems audit Operational audit Compliance audit Investigative audit Inherent risk Control risk Detection risk Confirmation Reperformance Vouching Analytical review Materiality Reasonable assurance Systems review Test of controls Compensating controls Source code comparison program Reprocessing Parallel simulation Test data generator Concurrent audit techniques Embedded audit modules Integrated test facility (ITF) Snapshot technique System control audit review file (SCARF) Audit log Computer-assisted audit techniques (CAAT)

1 of 15
The examination and evaluation of an organization's information technology infrastructur
The process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established
1. Audit planning  Why, how, when, and who  Establish scope and objectives of the audit; identify risk 2. Collection of audit evidence 3. Evaluation of evidence 4. Communication of results
1. Identify fraud and errors (threats) that can occur that threaten each objective 2. Identify control procedures (prevent, detect, correct the threats) 3. Evaluate control procedures Review to see if control exists and is in place Test controls to see if they work as intended 4. Determine effect of control weaknesses Compensating controls
ZProtect overall system security (includes computer equipment, programs, and data) ZProgram development and acquisition occur under management authorization ZProgram modifications occur under management authorization
ZAccurate and complete processing of transactions, records,files and reports ZPrevent,detect, or correct inaccurate or unauthorized source data ZAccurate, complete, and confidential data files
•Integrated Test Facility •Snapshot Technique •System Control Audit Review File (SCARF) •Audit Hooks •Continuous and Intermittent Simulation
•Integrated Test Facility ▫Uses fictitious inputs •Snapshot Technique ▫Master files before and after update are stored for specially marked transactions •System Control Audit Review File (SCARF) ▫Continuous monitoring and storing of transactions that meet pre-specifications
•Audit Hooks ▫Notify auditors of questionable transactions •Continuous and Intermittent Simulation ▫Similar to SCARF for DBMS
Automated Audit Workpapers Data Analysis Risk Assessment Scheduling Timekeeping Flowcharting Report Generation
Computer Audit Software can perform audit tasks on a copy of a company’s data.
Operational Audits To evaluate effectiveness, efficiency, and goal achievement. Although the basic audit steps are the same, the specific activities of evidence collection are focused toward operations.
Auditing information System

Recommended

General and Application Control - Security and Control Issues in Informatio...
General and Application Control - Security and Control Issues in Informatio...General and Application Control - Security and Control Issues in Informatio...
General and Application Control - Security and Control Issues in Informatio...
Dr. Rosemarie Sibbaluca-Guirre
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information Systems
Dr. Rosemarie Sibbaluca-Guirre
 
Procedural Controls
Procedural ControlsProcedural Controls
Procedural Controls
Dr. Rosemarie Sibbaluca-Guirre
 
Introduction to Computer Programming
Introduction to Computer Programming Introduction to Computer Programming
Introduction to Computer Programming
Dr. Rosemarie Sibbaluca-Guirre
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
Adetula Bunmi
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 

Recommended

General and Application Control - Security and Control Issues in Informatio...
General and Application Control - Security and Control Issues in Informatio...General and Application Control - Security and Control Issues in Informatio...
General and Application Control - Security and Control Issues in Informatio...
Dr. Rosemarie Sibbaluca-Guirre
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information Systems
Dr. Rosemarie Sibbaluca-Guirre
 
Procedural Controls
Procedural ControlsProcedural Controls
Procedural Controls
Dr. Rosemarie Sibbaluca-Guirre
 
Introduction to Computer Programming
Introduction to Computer Programming Introduction to Computer Programming
Introduction to Computer Programming
Dr. Rosemarie Sibbaluca-Guirre
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
Adetula Bunmi
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
Security
SecuritySecurity
Security
a1aass
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected
Tripwire
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit ViewPLN9 Security Services Pvt. Ltd.
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
Tripwire
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
William McBorrough
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
danphilpott
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Functional safety-overview
Functional safety-overviewFunctional safety-overview
Functional safety-overview
Uriah Edmunds
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Donald E. Hester
 
Security Framework
Security FrameworkSecurity Framework
Security FrameworkMarcel Dera
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
Donald E. Hester
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
Dr. Sushil Bansode
 
Mis presentation by suraj vaidya
Mis presentation by suraj vaidyaMis presentation by suraj vaidya
Mis presentation by suraj vaidyaSuraj Vaidya
 
Security and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made EasySecurity and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made Easy
HelpSystems
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
Lou Foja
 
Functions and features network management
Functions and features network managementFunctions and features network management
Functions and features network management
Flightcase1
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)Corporate Registers Forum
 
SDET UNIT 5.pptx
SDET UNIT 5.pptxSDET UNIT 5.pptx
SDET UNIT 5.pptx
PallawiBulakh1
 
HIPAA omnibus rule update
HIPAA omnibus rule updateHIPAA omnibus rule update
HIPAA omnibus rule update
O'Connor Davies CPAs
 

More Related Content

What's hot

IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
Security
SecuritySecurity
Security
a1aass
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected
Tripwire
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
Tripwire
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
William McBorrough
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
danphilpott
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Functional safety-overview
Functional safety-overviewFunctional safety-overview
Functional safety-overview
Uriah Edmunds
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Donald E. Hester
 
Security Framework
Security FrameworkSecurity Framework
Security FrameworkMarcel Dera
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
Donald E. Hester
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
Dr. Sushil Bansode
 
Mis presentation by suraj vaidya
Mis presentation by suraj vaidyaMis presentation by suraj vaidya
Mis presentation by suraj vaidyaSuraj Vaidya
 
Security and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made EasySecurity and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made Easy
HelpSystems
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
Lou Foja
 
Functions and features network management
Functions and features network managementFunctions and features network management
Functions and features network management
Flightcase1
 

What's hot (20)

IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Security
SecuritySecurity
Security
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected
 
Security audit
Security auditSecurity audit
Security audit
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
 
Functional safety-overview
Functional safety-overviewFunctional safety-overview
Functional safety-overview
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
 
Security Framework
Security FrameworkSecurity Framework
Security Framework
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
 
Mis presentation by suraj vaidya
Mis presentation by suraj vaidyaMis presentation by suraj vaidya
Mis presentation by suraj vaidya
 
Security and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made EasySecurity and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made Easy
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
 
Functions and features network management
Functions and features network managementFunctions and features network management
Functions and features network management
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
 

Similar to Auditing information System

SDET UNIT 5.pptx
SDET UNIT 5.pptxSDET UNIT 5.pptx
SDET UNIT 5.pptx
PallawiBulakh1
 
HIPAA omnibus rule update
HIPAA omnibus rule updateHIPAA omnibus rule update
HIPAA omnibus rule update
O'Connor Davies CPAs
 
mod 4.pdf ppt about the safety at industries
mod 4.pdf ppt about the safety at industriesmod 4.pdf ppt about the safety at industries
mod 4.pdf ppt about the safety at industries
Midhundas31
 
HIPAA and Security Management for Physician Practices
HIPAA and Security Management for Physician PracticesHIPAA and Security Management for Physician Practices
HIPAA and Security Management for Physician Practices
Cole Libby
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentjenito21
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptx
StevenTharp2
 
The Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementThe Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk Management
KeySys Health
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
abhichowdary16
 
HIPAA security risk assessments
HIPAA security risk assessmentsHIPAA security risk assessments
HIPAA security risk assessments
Jose Ivan Delgado, Ph.D.
 
Audit in Pharmacovigilance
Audit in PharmacovigilanceAudit in Pharmacovigilance
Audit in Pharmacovigilanceclarityeye
 
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
cveiga12
 
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
cveiga12
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
Piyush Jain
 
Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010
Donald E. Hester
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdf
priyanshamadhwal2
 
cybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxcybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptx
MuhammadAbdullah311866
 
Information system audit
Information system audit Information system audit
Information system audit
Jayant Dalvi
 
Physical Security Assessment
Physical Security AssessmentPhysical Security Assessment
Physical Security Assessment
Faheem Ul Hasan
 

Similar to Auditing information System (20)

SDET UNIT 5.pptx
SDET UNIT 5.pptxSDET UNIT 5.pptx
SDET UNIT 5.pptx
 
HIPAA omnibus rule update
HIPAA omnibus rule updateHIPAA omnibus rule update
HIPAA omnibus rule update
 
mod 4.pdf ppt about the safety at industries
mod 4.pdf ppt about the safety at industriesmod 4.pdf ppt about the safety at industries
mod 4.pdf ppt about the safety at industries
 
HIPAA and Security Management for Physician Practices
HIPAA and Security Management for Physician PracticesHIPAA and Security Management for Physician Practices
HIPAA and Security Management for Physician Practices
 
R.a 1
R.a 1R.a 1
R.a 1
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptx
 
Compliance
ComplianceCompliance
Compliance
 
The Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementThe Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk Management
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
HIPAA security risk assessments
HIPAA security risk assessmentsHIPAA security risk assessments
HIPAA security risk assessments
 
Audit in Pharmacovigilance
Audit in PharmacovigilanceAudit in Pharmacovigilance
Audit in Pharmacovigilance
 
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
 
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
 
Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010Information Systems Audit & CISA Prep 2010
Information Systems Audit & CISA Prep 2010
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdf
 
cybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxcybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptx
 
Information system audit
Information system audit Information system audit
Information system audit
 
Physical Security Assessment
Physical Security AssessmentPhysical Security Assessment
Physical Security Assessment
 

More from Dr. Rosemarie Sibbaluca-Guirre

Korean Language: Culture 한국어 개요
Korean Language: Culture 한국어 개요Korean Language: Culture 한국어 개요
Korean Language: Culture 한국어 개요
Dr. Rosemarie Sibbaluca-Guirre
 
Korean Language Overview 한국어 개요
Korean Language Overview 한국어 개요Korean Language Overview 한국어 개요
Korean Language Overview 한국어 개요
Dr. Rosemarie Sibbaluca-Guirre
 
Conjunction 접속사
Conjunction 접속사Conjunction 접속사
Conjunction 접속사
Dr. Rosemarie Sibbaluca-Guirre
 
Pronoun 대명사
Pronoun 대명사Pronoun 대명사
Pronoun 대명사
Dr. Rosemarie Sibbaluca-Guirre
 
Usage of Particles 입자의 사용
Usage of Particles 입자의 사용Usage of Particles 입자의 사용
Usage of Particles 입자의 사용
Dr. Rosemarie Sibbaluca-Guirre
 
Usage of Particles 입자의 사용
Usage of Particles 입자의 사용Usage of Particles 입자의 사용
Usage of Particles 입자의 사용
Dr. Rosemarie Sibbaluca-Guirre
 
Korean Word Order 한국어 단어 순서
Korean Word Order 한국어 단어 순서Korean Word Order 한국어 단어 순서
Korean Word Order 한국어 단어 순서
Dr. Rosemarie Sibbaluca-Guirre
 
Korean Number 한국 번호
Korean Number 한국 번호Korean Number 한국 번호
Korean Number 한국 번호
Dr. Rosemarie Sibbaluca-Guirre
 
ISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptx
ISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptxISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptx
ISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ISAD 313-1_INTRODUCTION TO SYSTEMS.pptx
ISAD 313-1_INTRODUCTION TO SYSTEMS.pptxISAD 313-1_INTRODUCTION TO SYSTEMS.pptx
ISAD 313-1_INTRODUCTION TO SYSTEMS.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ISAD 313-2_ SYSTEM ANALYSIS.pptx
ISAD 313-2_ SYSTEM ANALYSIS.pptxISAD 313-2_ SYSTEM ANALYSIS.pptx
ISAD 313-2_ SYSTEM ANALYSIS.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ISAD 313-4_ RESEARCH PROJECT.pptx
ISAD 313-4_ RESEARCH PROJECT.pptxISAD 313-4_ RESEARCH PROJECT.pptx
ISAD 313-4_ RESEARCH PROJECT.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ISAD 313-3_ SYSTEM FLOW.pptx
ISAD 313-3_ SYSTEM FLOW.pptxISAD 313-3_ SYSTEM FLOW.pptx
ISAD 313-3_ SYSTEM FLOW.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ISAD 313-3_ MODELS.pptx
ISAD 313-3_ MODELS.pptxISAD 313-3_ MODELS.pptx
ISAD 313-3_ MODELS.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ACCT11_9_Financial Position.pptx
ACCT11_9_Financial Position.pptxACCT11_9_Financial Position.pptx
ACCT11_9_Financial Position.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ACCT11_7_Performance.pptx
ACCT11_7_Performance.pptxACCT11_7_Performance.pptx
ACCT11_7_Performance.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ACCT11_5_Adjusting Entries.pptx
ACCT11_5_Adjusting Entries.pptxACCT11_5_Adjusting Entries.pptx
ACCT11_5_Adjusting Entries.pptx
Dr. Rosemarie Sibbaluca-Guirre
 
ACCT11_4_Trial Balance.pptx
ACCT11_4_Trial Balance.pptxACCT11_4_Trial Balance.pptx
ACCT11_4_Trial Balance.pptx
Dr. Rosemarie Sibbaluca-Guirre
 

More from Dr. Rosemarie Sibbaluca-Guirre (20)

Korean Language: Culture 한국어 개요
Korean Language: Culture 한국어 개요Korean Language: Culture 한국어 개요
Korean Language: Culture 한국어 개요
 
Korean Language Overview 한국어 개요
Korean Language Overview 한국어 개요Korean Language Overview 한국어 개요
Korean Language Overview 한국어 개요
 
Conjunction 접속사
Conjunction 접속사Conjunction 접속사
Conjunction 접속사
 
Pronoun 대명사
Pronoun 대명사Pronoun 대명사
Pronoun 대명사
 
Usage of Particles 입자의 사용
Usage of Particles 입자의 사용Usage of Particles 입자의 사용
Usage of Particles 입자의 사용
 
Usage of Particles 입자의 사용
Usage of Particles 입자의 사용Usage of Particles 입자의 사용
Usage of Particles 입자의 사용
 
Korean Word Order 한국어 단어 순서
Korean Word Order 한국어 단어 순서Korean Word Order 한국어 단어 순서
Korean Word Order 한국어 단어 순서
 
Korean Number 한국 번호
Korean Number 한국 번호Korean Number 한국 번호
Korean Number 한국 번호
 
ISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptx
ISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptxISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptx
ISAD 313-3_ TOOLS OF THE SYSTEM ANALYSIS.pptx
 
ISAD 313-1_INTRODUCTION TO SYSTEMS.pptx
ISAD 313-1_INTRODUCTION TO SYSTEMS.pptxISAD 313-1_INTRODUCTION TO SYSTEMS.pptx
ISAD 313-1_INTRODUCTION TO SYSTEMS.pptx
 
ISAD 313-2_ SYSTEM ANALYSIS.pptx
ISAD 313-2_ SYSTEM ANALYSIS.pptxISAD 313-2_ SYSTEM ANALYSIS.pptx
ISAD 313-2_ SYSTEM ANALYSIS.pptx
 
ISAD 313-4_ RESEARCH PROJECT.pptx
ISAD 313-4_ RESEARCH PROJECT.pptxISAD 313-4_ RESEARCH PROJECT.pptx
ISAD 313-4_ RESEARCH PROJECT.pptx
 
ISAD 313-3_ SYSTEM FLOW.pptx
ISAD 313-3_ SYSTEM FLOW.pptxISAD 313-3_ SYSTEM FLOW.pptx
ISAD 313-3_ SYSTEM FLOW.pptx
 
ISAD 313-3_ MODELS.pptx
ISAD 313-3_ MODELS.pptxISAD 313-3_ MODELS.pptx
ISAD 313-3_ MODELS.pptx
 
ACCT11_9_Financial Position.pptx
ACCT11_9_Financial Position.pptxACCT11_9_Financial Position.pptx
ACCT11_9_Financial Position.pptx
 
ACCT11_8_Equity.pptx
ACCT11_8_Equity.pptxACCT11_8_Equity.pptx
ACCT11_8_Equity.pptx
 
ACCT11_7_Performance.pptx
ACCT11_7_Performance.pptxACCT11_7_Performance.pptx
ACCT11_7_Performance.pptx
 
ACCT11_6_Worksheet.pptx
ACCT11_6_Worksheet.pptxACCT11_6_Worksheet.pptx
ACCT11_6_Worksheet.pptx
 
ACCT11_5_Adjusting Entries.pptx
ACCT11_5_Adjusting Entries.pptxACCT11_5_Adjusting Entries.pptx
ACCT11_5_Adjusting Entries.pptx
 
ACCT11_4_Trial Balance.pptx
ACCT11_4_Trial Balance.pptxACCT11_4_Trial Balance.pptx
ACCT11_4_Trial Balance.pptx
 

Recently uploaded

1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
JEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questionsJEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questions
ShivajiThube2
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 

Recently uploaded (20)

1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
JEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questionsJEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questions
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 

Auditing information System

  • 1.
  • 2.
  • 3. The examination and evaluation of an organization's information technology infrastructur
  • 4. The process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established
  • 5. 1. Audit planning  Why, how, when, and who  Establish scope and objectives of the audit; identify risk 2. Collection of audit evidence 3. Evaluation of evidence 4. Communication of results
  • 6. 1. Identify fraud and errors (threats) that can occur that threaten each objective 2. Identify control procedures (prevent, detect, correct the threats) 3. Evaluate control procedures Review to see if control exists and is in place Test controls to see if they work as intended 4. Determine effect of control weaknesses Compensating controls
  • 7. ZProtect overall system security (includes computer equipment, programs, and data) ZProgram development and acquisition occur under management authorization ZProgram modifications occur under management authorization
  • 8. ZAccurate and complete processing of transactions, records,files and reports ZPrevent,detect, or correct inaccurate or unauthorized source data ZAccurate, complete, and confidential data files
  • 9. •Integrated Test Facility •Snapshot Technique •System Control Audit Review File (SCARF) •Audit Hooks •Continuous and Intermittent Simulation
  • 10. •Integrated Test Facility ▫Uses fictitious inputs •Snapshot Technique ▫Master files before and after update are stored for specially marked transactions •System Control Audit Review File (SCARF) ▫Continuous monitoring and storing of transactions that meet pre-specifications
  • 11. •Audit Hooks ▫Notify auditors of questionable transactions •Continuous and Intermittent Simulation ▫Similar to SCARF for DBMS
  • 12. Automated Audit Workpapers Data Analysis Risk Assessment Scheduling Timekeeping Flowcharting Report Generation
  • 13. Computer Audit Software can perform audit tasks on a copy of a company’s data.
  • 14. Operational Audits To evaluate effectiveness, efficiency, and goal achievement. Although the basic audit steps are the same, the specific activities of evidence collection are focused toward operations.

Editor's Notes

  1. Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business's overall goals. IT auditors examine not only physical security controls, but also overall business and financial controls that involve information technology systems.
  2. Using the risk-based framework for an information systems audit allows the auditor to review and evaluate internal controls that protect the system to meet each of the following objectives:
  3. Using the risk-based framework for an information systems audit allows the auditor to review and evaluate internal controls that protect the system to meet each of the following objectives:
  4. Review operating policies and documentation Confirm procedures with management and operating personnel Observe operating functions and activities Examine financial and operating plans and reports Test accuracy of operating information Test operational controls