Damilola Mosaku, profile picture
Uploaded byDamilola Mosaku
PPT, PDF2,233 views

Introduction to it auditing

This chapter provides an introduction to IT auditing. It discusses IT governance and the role of ensuring strategic alignment of IT with business objectives. It also covers the systems development life cycle (SDLC) process and phases. The chapter defines different types of information systems and the role of IT auditors in assessing risks and controls over IT resources. It outlines the skills and certifications needed for IT auditors and how IT audits are structured.

Embed presentation

Downloaded 41 times
1 Chapter One Introduction to IT Auditing
2 Outline ๏ฎ IT Governance ๏ฎ The Systems Development Life Cycle (SDLC) ๏ฎ Types of Information Systems ๏ฎ The Role of the IT Auditor
3 IT Governance โ€ฆthe process for controlling an organizationโ€™s IT resources, including information and communication systems, and technology. โ€ฆusing IT to promote an organizationโ€™s objectives and enable business processes and to manage and control IT related risks.
4 Strategic Alignment
5 Information Criteria ๏ฎ CIA Triangle โ€“ Confidentialilty โ€“ Integrity โ€“ Availability ๏ฎ Cobit โ€œadd-onsโ€ โ€“ Effectiveness โ€“ Efficiency โ€“ Compliance โ€“ Reliability
6 CobiTโ€™s IT Governance Management Guideline ๏ฎIdentifies critical success factors, key goal and performance indicators, and an IT governance maturity model. ๏ฎIT governance framework begins with setting IT objectives and measures and compares performance against them
7 Systems development life cycle (SDLC) ๏ฎ Provides overall framework for managing system development process ๏ฎ All projects use some variation of SDLC โ€“ Phases are sequential but may include some overlap โ€“ May even include iterations of some or all of the phases
8 Phases of the Systems Development Lifecycle (SDLC) ๏ฎ Project planning: initiate, ensure feasibility, plan schedule, obtain approval for project ๏ฎ Analysis: understand business needs and processing requirements ๏ฎ Design: define solution system based on requirements and analysis decisions ๏ฎ Implementation: construction, testing, user training, and installation of new system ๏ฎ Support: keep system running and improve
9 Systems development life cycle (SDLC) ๏ฎ In COBIT, these phases (domains) are: โ€“ Plan and Organize (PO) โ€“ Acquire and Implement (AI) โ€“ Deliver and Support (DS) โ€“ Monitor and Evaluate (ME)
10 Types of Information Systems
11 Message Transmission Example
12 Types of Information Systems ๏ฎ Information Systems include not only hardware and software butโ€ฆ โ€“ People โ€“ Procedures* โ€“ Data ๏ฎ In Cobit, these โ€œassetsโ€ include โ€“ People โ€“ Applications (like software) โ€“ Technology (like hardware) โ€“ Facilities โ€“ Data * Note: Procedures (processes) are โ€œsubsetsโ€ of the domains in CobiT
13 IT and Transaction (Tx) Processing ๏ฎ The IS collects transaction data ๏ฎ The IS turns data into information ๏ฎ Computerized Tx systems increase some risks and decrease others
14 What do IT auditors do? ๏ฎ Ensure IT governance by assessing risks and monitoring controls over those risks ๏ฎ Works as either internal or external auditor ๏ฎ Works on many kind of audit engagements
15 Financial vs IT Audits ๏ฎ IT auditors may work on financial audit engagements ๏ฎ IT auditors may work on every step of the financial audit engagement ๏ฎ Standards, such as SAS No. 94, guide the work of IT auditors on financial audit engagements ๏ฎ IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important
16 IT Audit Skills ๏ฎ College education โ€“ IS, computer science, accounting ๏ฎ Certifications โ€“ CPA, CFE, CIA, CISA, CISSP, and special technical certifications ๏ฎ Technical IT audit skills โ€“ specialized technologies ๏ฎ General personal and business skills
17 Professional Groups and Certifications โ€“ Alphabet Soup ๏ฎ ISACA โ€“ CISA/CISM ๏ฎ IIA โ€“ CIA ๏ฎ ACFE โ€“ CFE ๏ฎ AICPA โ€“ CPA and CITP
18 How to Structure an IT Audit ๏ฎ AICPA Standards and Guidelines โ€“ GAAS, SAS, and SSAE ๏ฎ IFAC Guidelines โ€“ harmonized or common international accounting standards and guidelines ๏ฎ ISACA standards, guidelines, and procedures โ€“ includes CobiT and audit standards
19 An Overview of the Book ๏ฎ Section I โ€“ an introduction to IT audit, the legal and ethical environment of the IT audit, introduction to risks and controls ๏ฎ Section II โ€“ risks over specific processes and technologies โ€“ deployment of IS, operation of IS, network systems, and e-business systems ๏ฎ Section III โ€“ how to do an It audit โ€“ use of CAATTs and a step-by-step IT audit ๏ฎ Appendices โ€“ ACL tutorial and IT audit glossary

More Related Content

PPTX
Overview-of-an-IT-Audit-Lesson-1.pptx
byJoshJaro
ย 
PDF
IT General Controls Presentation at IIA Vadodara Audit Club
byKaushal Trivedi
ย 
PPTX
IT General Controls
byCicero Ray Rufino
ย 
PPT
IT System & Security Audit
byMufaddal Nullwala
ย 
PDF
Steps in it audit
bykinjalmkothari92
ย 
PPTX
IT Audit For Non-IT Auditors
byEd Tobias
ย 
PPTX
03.1 general control
byMulyadi Yusuf
ย 
PDF
audit_it_250759.pdf
bymabkhoutaliwi1
ย 
Overview-of-an-IT-Audit-Lesson-1.pptx
byJoshJaro
ย 
IT General Controls Presentation at IIA Vadodara Audit Club
byKaushal Trivedi
ย 
IT General Controls
byCicero Ray Rufino
ย 
IT System & Security Audit
byMufaddal Nullwala
ย 
Steps in it audit
bykinjalmkothari92
ย 
IT Audit For Non-IT Auditors
byEd Tobias
ย 
03.1 general control
byMulyadi Yusuf
ย 
audit_it_250759.pdf
bymabkhoutaliwi1
ย 

What's hot

PPTX
IT Audit Methodologies
bySALIH AHMED ISLAM
ย 
PPT
Security audit
byRosaria Dee
ย 
PDF
Basics in IT Audit and Application Control Testing
byDinesh O Bareja
ย 
PPTX
IT Governance Presentation
byjmcarden
ย 
PDF
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
byInfosecTrain
ย 
PDF
Cisa domain 1
byIsmail aboulezz
ย 
PPTX
Information System Architecture and Audit Control Lecture 1
byYasir Khan
ย 
PDF
IT Risk Management
byTudor Damian
ย 
PDF
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
byShivamSharma909
ย 
PPTX
IT Governance Made Easy
byJerry Bishop
ย 
PPTX
CISSP - Chapter 1 - Security Concepts
byKarthikeyan Dhayalan
ย 
PPSX
IT Governance - COBIT Perspective
bySayyed Zakir Ali Rizwe
ย 
PPTX
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
ย 
PPTX
Information risk management
byAkash Saraswat
ย 
PPT
IT Audit methodologies
bygenetics
ย 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
ย 
PDF
ISO 27001 (v2013) Checklist
byIvan Piskunov
ย 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
byTanmay Shinde
ย 
PPTX
ISO 27001 Awareness/TRansition.pptx
byDr Madhu Aman Sharma
ย 
PDF
IT Governance
byCarlos Chalico
ย 
IT Audit Methodologies
bySALIH AHMED ISLAM
ย 
Security audit
byRosaria Dee
ย 
Basics in IT Audit and Application Control Testing
byDinesh O Bareja
ย 
IT Governance Presentation
byjmcarden
ย 
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
byInfosecTrain
ย 
Cisa domain 1
byIsmail aboulezz
ย 
Information System Architecture and Audit Control Lecture 1
byYasir Khan
ย 
IT Risk Management
byTudor Damian
ย 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
byShivamSharma909
ย 
IT Governance Made Easy
byJerry Bishop
ย 
CISSP - Chapter 1 - Security Concepts
byKarthikeyan Dhayalan
ย 
IT Governance - COBIT Perspective
bySayyed Zakir Ali Rizwe
ย 
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
ย 
Information risk management
byAkash Saraswat
ย 
IT Audit methodologies
bygenetics
ย 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
ย 
ISO 27001 (v2013) Checklist
byIvan Piskunov
ย 
ISO 27001 - Information security user awareness training presentation - part 3
byTanmay Shinde
ย 
ISO 27001 Awareness/TRansition.pptx
byDr Madhu Aman Sharma
ย 
IT Governance
byCarlos Chalico
ย 

Similar to Introduction to it auditing

PDF
How to become an IT Auditor step by step process
bypriyanshamadhwal2
ย 
PDF
How to become an IT Auditor.pdf InfosecTrain
byinfosec train
ย 
PDF
๐™ƒ๐’๐™ฌ ๐™ฉ๐’ ๐‘ฉ๐™š๐’„๐™ค๐’Ž๐™š ๐™–๐’ ๐‘ฐ๐™ ๐˜ผ๐’–๐™™๐’Š๐™ฉ๐’๐™ง: ๐‘จ ๐‘บ๐™ฉ๐’†๐™ฅ-๐™—๐’š-๐‘บ๐™ฉ๐’†๐™ฅ ๐™‚๐’–๐™ž๐’…๐™š
byMansi Kandari
ย 
PDF
How to Become an IT Auditor: A Step-by-Step Guide.pdf
byInfosecTrain Education
ย 
PDF
How to Become an IT Auditor? (Step by Step Process)
byinfosecTrain
ย 
PDF
๐‡๐จ๐ฐ ๐ญ๐จ ๐๐ž๐œ๐จ๐ฆ๐ž ๐š๐ง ๐ˆ๐“ ๐€๐ฎ๐๐ข๐ญ๐จ๐ซ: ๐€ ๐’๐ญ๐ž๐ฉ-๐›๐ฒ-๐’๐ญ๐ž๐ฉ ๐†๐ฎ๐ข๐๐ž
byMansi Kandari
ย 
PDF
๐‡๐จ๐ฐ ๐ญ๐จ ๐๐ž๐œ๐จ๐ฆ๐ž ๐š๐ง ๐ˆ๐“ ๐€๐ฎ๐๐ข๐ญ๐จ๐ซ: ๐€ ๐’๐ญ๐ž๐ฉ-๐›๐ฒ-๐’๐ญ๐ž๐ฉ ๐†๐ฎ๐ข๐๐ž
bypriyanshamadhwal2
ย 
PDF
How to Become an IT Auditor.: A Step-by-Step Guide
byinfosecTrain
ย 
PDF
Guide to How to Become an IT Auditor in 2026.pdf
byinfosecTrain
ย 
PDF
Ch2-CIISA_IT Governance.pdf
byDanteHayashi
ย 
PPT
PPT-UEU-Audit-Kendali-Sistem-Informasi-Pertemuan-4.ppt
bytp409365
ย 
PPT
Desain umum dan Detail sistem informasi akuntansi
bysplato2023
ย 
PPT
PPT-UEU-Audit-Kendali-Sistem-Informasi-Pertemuan-4.ppt
byKumarNatarajan24
ย 
PPTX
Orientation in IT Audit
bySuman Thapaliya
ย 
PPTX
IT Audit - Evolve and Stay in the Game
bySymptai Consulting Limited
ย 
PDF
Information Technology Control and Audit.pdf
byMaicolcastellanos2
ย 
PDF
It Audit Control And Security Wiley Corporate Fa Volume 13 2nd Robert Moeller
byzharasorahyb
ย 
PPTX
IT-Governance.pptx
byJayLloyd8
ย 
PDF
Solution Manual for Accounting Information Systems, 10th Edition
byfrngsgmx4349
ย 
PPT
ISA 3 COBIT
byDarshan Kumar
ย 
How to become an IT Auditor step by step process
bypriyanshamadhwal2
ย 
How to become an IT Auditor.pdf InfosecTrain
byinfosec train
ย 
๐™ƒ๐’๐™ฌ ๐™ฉ๐’ ๐‘ฉ๐™š๐’„๐™ค๐’Ž๐™š ๐™–๐’ ๐‘ฐ๐™ ๐˜ผ๐’–๐™™๐’Š๐™ฉ๐’๐™ง: ๐‘จ ๐‘บ๐™ฉ๐’†๐™ฅ-๐™—๐’š-๐‘บ๐™ฉ๐’†๐™ฅ ๐™‚๐’–๐™ž๐’…๐™š
byMansi Kandari
ย 
How to Become an IT Auditor: A Step-by-Step Guide.pdf
byInfosecTrain Education
ย 
How to Become an IT Auditor? (Step by Step Process)
byinfosecTrain
ย 
๐‡๐จ๐ฐ ๐ญ๐จ ๐๐ž๐œ๐จ๐ฆ๐ž ๐š๐ง ๐ˆ๐“ ๐€๐ฎ๐๐ข๐ญ๐จ๐ซ: ๐€ ๐’๐ญ๐ž๐ฉ-๐›๐ฒ-๐’๐ญ๐ž๐ฉ ๐†๐ฎ๐ข๐๐ž
byMansi Kandari
ย 
๐‡๐จ๐ฐ ๐ญ๐จ ๐๐ž๐œ๐จ๐ฆ๐ž ๐š๐ง ๐ˆ๐“ ๐€๐ฎ๐๐ข๐ญ๐จ๐ซ: ๐€ ๐’๐ญ๐ž๐ฉ-๐›๐ฒ-๐’๐ญ๐ž๐ฉ ๐†๐ฎ๐ข๐๐ž
bypriyanshamadhwal2
ย 
How to Become an IT Auditor.: A Step-by-Step Guide
byinfosecTrain
ย 
Guide to How to Become an IT Auditor in 2026.pdf
byinfosecTrain
ย 
Ch2-CIISA_IT Governance.pdf
byDanteHayashi
ย 
PPT-UEU-Audit-Kendali-Sistem-Informasi-Pertemuan-4.ppt
bytp409365
ย 
Desain umum dan Detail sistem informasi akuntansi
bysplato2023
ย 
PPT-UEU-Audit-Kendali-Sistem-Informasi-Pertemuan-4.ppt
byKumarNatarajan24
ย 
Orientation in IT Audit
bySuman Thapaliya
ย 
IT Audit - Evolve and Stay in the Game
bySymptai Consulting Limited
ย 
Information Technology Control and Audit.pdf
byMaicolcastellanos2
ย 
It Audit Control And Security Wiley Corporate Fa Volume 13 2nd Robert Moeller
byzharasorahyb
ย 
IT-Governance.pptx
byJayLloyd8
ย 
Solution Manual for Accounting Information Systems, 10th Edition
byfrngsgmx4349
ย 
ISA 3 COBIT
byDarshan Kumar
ย 

Recently uploaded

PPTX
detector for xrays is for detecting with ai
bydishujeemain
ย 
PDF
AI + Data Science: How Artificial Intelligence is Transforming Modern Analytics
byalansanu8
ย 
PDF
"Top Excel Tips and Tricks: Conditional Formatting, Sorting, and More - Learn...
byCA Suvidha Chaplot
ย 
PPTX
maaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
byAshleyJane9
ย 
PDF
"AI Assistant Tools for Students: Boost Productivity with Claude, DeepSeek, A...
byCA Suvidha Chaplot
ย 
PPTX
The Archive Fall 2025 Semester Overview by Daisy-Grace Hooper
bydh24372
ย 
PPTX
Can AI see like a tourist? An exploration of Vision Language Models for autom...
byMODUL Technology GmbH
ย 
PDF
Plainte franรงaise dans le cadre de l'affaire Epstein
bySociรฉtรฉ Tripalio
ย 
PDF
Macro Energy Trust Shock - current developments in the Venezuelan energy sector
byAurรฉlie Dupassieux
ย 
PDF
Introduction to R Programming for Data Analysis and Statistics
byNusrat Gulbarga
ย 
PPTX
Welcome to ETSAP Workshop in Helsinki 2025
byIEA-ETSAP
ย 
PPTX
Data_Gathering_Presentation.pptx Maed class
byhoneycooo14
ย 
PDF
Machine Learning Lectures -- Clustering (3)
byZahra Sadeghi
ย 
PPTX
04-Strengthening collaboration between IEA-ETSAP and IEA-Wind TCP
byIEA-ETSAP
ย 
PPTX
Energy Communities and Their Roles in Decarbonization
byIEA-ETSAP
ย 
PDF
SFBA Splunk Usergroup meeting Jan 21, 2026
byBecky Burwell
ย 
PPTX
Autism types, forms and everything we need to know
byfuzertamas
ย 
PDF
"Top AI Tools Infographics for Students: Master Flow, NotebookLM, KREA AI, VA...
byCA Suvidha Chaplot
ย 
PPTX
Hypothesis Test in Simple Linear Regression.pptx
byDebbieTonog
ย 
PDF
dell-ai-factory-with-nvidia-ebook_with.pdf
bytarimocarlos2014
ย 
detector for xrays is for detecting with ai
bydishujeemain
ย 
AI + Data Science: How Artificial Intelligence is Transforming Modern Analytics
byalansanu8
ย 
"Top Excel Tips and Tricks: Conditional Formatting, Sorting, and More - Learn...
byCA Suvidha Chaplot
ย 
maaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
byAshleyJane9
ย 
"AI Assistant Tools for Students: Boost Productivity with Claude, DeepSeek, A...
byCA Suvidha Chaplot
ย 
The Archive Fall 2025 Semester Overview by Daisy-Grace Hooper
bydh24372
ย 
Can AI see like a tourist? An exploration of Vision Language Models for autom...
byMODUL Technology GmbH
ย 
Plainte franรงaise dans le cadre de l'affaire Epstein
bySociรฉtรฉ Tripalio
ย 
Macro Energy Trust Shock - current developments in the Venezuelan energy sector
byAurรฉlie Dupassieux
ย 
Introduction to R Programming for Data Analysis and Statistics
byNusrat Gulbarga
ย 
Welcome to ETSAP Workshop in Helsinki 2025
byIEA-ETSAP
ย 
Data_Gathering_Presentation.pptx Maed class
byhoneycooo14
ย 
Machine Learning Lectures -- Clustering (3)
byZahra Sadeghi
ย 
04-Strengthening collaboration between IEA-ETSAP and IEA-Wind TCP
byIEA-ETSAP
ย 
Energy Communities and Their Roles in Decarbonization
byIEA-ETSAP
ย 
SFBA Splunk Usergroup meeting Jan 21, 2026
byBecky Burwell
ย 
Autism types, forms and everything we need to know
byfuzertamas
ย 
"Top AI Tools Infographics for Students: Master Flow, NotebookLM, KREA AI, VA...
byCA Suvidha Chaplot
ย 
Hypothesis Test in Simple Linear Regression.pptx
byDebbieTonog
ย 
dell-ai-factory-with-nvidia-ebook_with.pdf
bytarimocarlos2014
ย 

Introduction to it auditing

  • 1.
  • 2.
    2 Outline ๏ฎ IT Governance ๏ฎThe Systems Development Life Cycle (SDLC) ๏ฎ Types of Information Systems ๏ฎ The Role of the IT Auditor
  • 3.
    3 IT Governance โ€ฆthe processfor controlling an organizationโ€™s IT resources, including information and communication systems, and technology. โ€ฆusing IT to promote an organizationโ€™s objectives and enable business processes and to manage and control IT related risks.
  • 4.
  • 5.
    5 Information Criteria ๏ฎ CIATriangle โ€“ Confidentialilty โ€“ Integrity โ€“ Availability ๏ฎ Cobit โ€œadd-onsโ€ โ€“ Effectiveness โ€“ Efficiency โ€“ Compliance โ€“ Reliability
  • 6.
    6 CobiTโ€™s IT Governance ManagementGuideline ๏ฎIdentifies critical success factors, key goal and performance indicators, and an IT governance maturity model. ๏ฎIT governance framework begins with setting IT objectives and measures and compares performance against them
  • 7.
    7 Systems development lifecycle (SDLC) ๏ฎ Provides overall framework for managing system development process ๏ฎ All projects use some variation of SDLC โ€“ Phases are sequential but may include some overlap โ€“ May even include iterations of some or all of the phases
  • 8.
    8 Phases of theSystems Development Lifecycle (SDLC) ๏ฎ Project planning: initiate, ensure feasibility, plan schedule, obtain approval for project ๏ฎ Analysis: understand business needs and processing requirements ๏ฎ Design: define solution system based on requirements and analysis decisions ๏ฎ Implementation: construction, testing, user training, and installation of new system ๏ฎ Support: keep system running and improve
  • 9.
    9 Systems development lifecycle (SDLC) ๏ฎ In COBIT, these phases (domains) are: โ€“ Plan and Organize (PO) โ€“ Acquire and Implement (AI) โ€“ Deliver and Support (DS) โ€“ Monitor and Evaluate (ME)
  • 10.
  • 11.
  • 12.
    12 Types of InformationSystems ๏ฎ Information Systems include not only hardware and software butโ€ฆ โ€“ People โ€“ Procedures* โ€“ Data ๏ฎ In Cobit, these โ€œassetsโ€ include โ€“ People โ€“ Applications (like software) โ€“ Technology (like hardware) โ€“ Facilities โ€“ Data * Note: Procedures (processes) are โ€œsubsetsโ€ of the domains in CobiT
  • 13.
    13 IT and Transaction(Tx) Processing ๏ฎ The IS collects transaction data ๏ฎ The IS turns data into information ๏ฎ Computerized Tx systems increase some risks and decrease others
  • 14.
    14 What do ITauditors do? ๏ฎ Ensure IT governance by assessing risks and monitoring controls over those risks ๏ฎ Works as either internal or external auditor ๏ฎ Works on many kind of audit engagements
  • 15.
    15 Financial vs ITAudits ๏ฎ IT auditors may work on financial audit engagements ๏ฎ IT auditors may work on every step of the financial audit engagement ๏ฎ Standards, such as SAS No. 94, guide the work of IT auditors on financial audit engagements ๏ฎ IT audit work on financial audit engagements is likely to increase as internal control evaluation becomes more important
  • 16.
    16 IT Audit Skills ๏ฎCollege education โ€“ IS, computer science, accounting ๏ฎ Certifications โ€“ CPA, CFE, CIA, CISA, CISSP, and special technical certifications ๏ฎ Technical IT audit skills โ€“ specialized technologies ๏ฎ General personal and business skills
  • 17.
    17 Professional Groups and Certificationsโ€“ Alphabet Soup ๏ฎ ISACA โ€“ CISA/CISM ๏ฎ IIA โ€“ CIA ๏ฎ ACFE โ€“ CFE ๏ฎ AICPA โ€“ CPA and CITP
  • 18.
    18 How to Structurean IT Audit ๏ฎ AICPA Standards and Guidelines โ€“ GAAS, SAS, and SSAE ๏ฎ IFAC Guidelines โ€“ harmonized or common international accounting standards and guidelines ๏ฎ ISACA standards, guidelines, and procedures โ€“ includes CobiT and audit standards
  • 19.
    19 An Overview ofthe Book ๏ฎ Section I โ€“ an introduction to IT audit, the legal and ethical environment of the IT audit, introduction to risks and controls ๏ฎ Section II โ€“ risks over specific processes and technologies โ€“ deployment of IS, operation of IS, network systems, and e-business systems ๏ฎ Section III โ€“ how to do an It audit โ€“ use of CAATTs and a step-by-step IT audit ๏ฎ Appendices โ€“ ACL tutorial and IT audit glossary