SlideShare a Scribd company logo
Master Thesis Presentation


      Levels of IT audit
     implementation in
   Bosnia and Herzegovina



Student:         Supervisor:
Nermin Ćatović   Ing. Pavel Ĉech, Ph.D.


                                          1
Levels of IT audit implementation in
                                    Bosnia and Herzegovina




IT auditing
is the evaluation of IT, practices and operations to assure
the integrity of an entity’s information. Such evaluation
can include assessment of the efficiency, effectiveness,
and economy of computer-based practices.

Derived as an enhancement / support to financial
auditing

Today – important role in modern business
                                                                      2
Levels of IT audit implementation in
                                         Bosnia and Herzegovina




Background
-   Early stages of development in Bosnia and Herzegovina
-   Chances of huge impact on profession
-   No ISACA Chapter formed – only 24 registered members
-   EU integrations will require introduction of legislations
-   Two legislations in 2012 which change future of IT auditing
    (another two in preparation!):

    - Decision of Minimum Standards of Information System Management
    - Decision on Minimum Standards of Externalization/Outsourcing


                                                                           3
Levels of IT audit implementation in
                                  Bosnia and Herzegovina




Goals and objectives
- Determine and confirm needs for legal legislations
- Awakening of consciousness about IT auditing
- Determine levels of international standard and
  framework implementation so far
- Awareness of companies
- Needs to control and monitor processes are critical to
  business development

                                                                    4
Levels of IT audit implementation in
                                             Bosnia and Herzegovina




Hypothesis
Growing awareness on the evaluation of information technologies to support
modern business and objectives in Bosnia and Herzegovina is changing. This
opinion and awareness requires implementation of international standards and
frameworks related to control and auditing, risk management, performance
measures through adoption of legislatures which are necessary to establish
higher level of decision making in management.

Research will try to prove positive changes and evolution of information
technology auditing compared to previous years.



                                                                               5
Levels of IT audit implementation in
                                                  Bosnia and Herzegovina




Research
-     February 2012 ( opened for 1 month)
-     Email list based on previous contacts and use of LinkedIn group – IT revizija
-     Aimed focus group of 37 people


     25 fully filled surveys
    (67% of aimed number)



    Easy-to-use filling form on
        www.itrevizija.ba


                                                                                    6
Levels of IT audit implementation in
                                                Bosnia and Herzegovina



Research concept was based on 6 parts which include 28
questions:
     –   Profile
     –   Company IT profile
     –   Significance and benefits of information technology
     –   IT problems and potential solutions
     –   Awareness and usage of IT Governance frameworks
     –   Awareness and usage of CobiT

-   Results which prove hypothesis will be shown
-   Comparison to similar research from 2009



                                                                                  7
Levels of IT audit implementation in
                                                                       Bosnia and Herzegovina



Question P1.3 : Please indicate                              Question P1.1: Please indicate position
which group does your company                                within the organization?
belong to.
                        P1.3
                                                             Internal Auditors,      IT security officer,
                                                             Internal IT auditors,   Head of IT department,
                  20%            20%                         Auditor,                Deputy CEO,
                                                             IT Supervisor,          Project Manager,
       0%
            4%                                               Assistant IT auditor,   CSO,
            12%                                              CIO,                    IT Department Director,
                                                             IT Project manager,     Assistant Professor
                                 44%


                    Limited Liability Company (d.o.o. BiH)
                    Financial Institution
                    Corporation (joint-stock)
                    Public institution or company
                    Nonprofit organization
                    Budget user


                                                                                                         8
Levels of IT audit implementation in
                                              Bosnia and Herzegovina



Question P3.2: How strongly would you agree or disagree that IT investments
have created value for your organization?
                            P3.2           * proof how IT gives out
                     0% 0%                 additional, competitive value
                 12%

                                       Absolutely agree

          16%                          Agree

                                       Partly agree

                                       Strong disagree

                               72%     I don't know




                                                                                9
Levels of IT audit implementation in
                                                       Bosnia and Herzegovina


Question P3.4: Of these, which is the most important item in the
management of IT activities of your organization?
                                           P3.4
                          0%                           Avoidance of negative incidents
                                0%
                     8%    4%

                                                       Ensuring that the current IT functionality
            16%                                        is in compliance with current business
                                                       needs
                                                       Achieving a better balance between
                                                       innovation and risk avoidance


                                                       Alignment with business and/or legal
                                                       regulations
                                     72%
                                                       I don't know


                                                                                                    10
Levels of IT audit implementation in
                                               Bosnia and Herzegovina



Question P3.7: To what extent does your IT department support the
business needs?
                                P3.7
                       0% 0%
                          4%

                                                       Does not support at all

                                                       Does not support enough
                                    32%
                                                       Supports up to some limit

                                                       Extremely supports

                                                       I don't know
            64%




                                                                                   11
Levels of IT audit implementation in
                                             Bosnia and Herzegovina



Comparison to 2009 research
- basis in similar research from 2009
- clear goal of proving hypothesis and positive changes
- MSc. Amra Alagid currently works at Federal Banking Agency (B&H)

- best way of determining changes
- questions that show difference




                                                                               12
Levels of IT audit implementation in
                                                        Bosnia and Herzegovina



Question P2.4: How would you describe Management's level of involvement
in IT governance?
                        2012                                         2009

              0%
                               Low level of
         8%        8%          engagement
                          8%   Are informed, but                       9%
                                                               17%
                               not included
   20%                                                                       22%
                               Participate in           17%
                               decision making
                               Key people in
                               decision making                         35%

                               Fully involved
                    56%
                               I don't know




                                                                                          13
Levels of IT audit implementation in
                                                     Bosnia and Herzegovina



Question P3.8: How would you describe the fit or alignment between your IT
strategy and your organization’s overall business strategy?
                     2012                                     2009.

                                 Very poor
            0% 0%
                                                                0%
              4%                 Poor
                    4%
                                                              9% 4%
                                                                       17%
                                 Average
                           20%                      31%
    44%
                                 Good
                                                                      39%
                                 Very good

                                 I don't know
                     28%

                                 We don't have IT
                                 strategy



                                                                                       14
Levels of IT audit implementation in
                                                     Bosnia and Herzegovina



Question P5.2: Have you implemented, are you in the process of
implementing or are you considering implementing improved IT governance
practices?
                     2012                                    2009.
                            Not considering
                            implementation

                4%
         13%                Considering                     11%
                            implementation                                 28%
                      25%
   12%                                             28%
                            In the process of
                            implementing
                                                                     33%

                            Have implemented

          46%
                            I don't know



                                                                                       15
Levels of IT audit implementation in
                                              Bosnia and Herzegovina


Question P5.3: What solutions/frameworks do you use, are you considering
using or not using?

2012
    ISO security standards – 55% using, 25% considering implementing
2009
    ISO security standards – 17% implemented

2012
    COBIT framework – 56,5% using, 13% consider implementing
2009 (4th place)
    COBIT framework – 11% implemented

Interesting data obtained is that 38% of respondents are mostly interested
and considering implementation of Val IT, but only 9.5% of them are using
it which is nearly the same number as from 2009 (9%).
                                                                                16
Levels of IT audit implementation in
                                                    Bosnia and Herzegovina



Question P6.2: Are you personally aware of the contents of COBIT?


               2012                                             2009.
              9%
         4%

                                                         25%
                                Yes



                                No                                           75%


                      87%
                                I don't know




                                                                                      17
Levels of IT audit implementation in
                                              Bosnia and Herzegovina




Research results - conclusions
-   Research that was conducted on the territory of Bosnia and Herzegovina has
    shown satisfactory conditions
-   Respondents consider IT generally important for their business
-   Follow practices of developed countries
-   Implementation of good practices through intensive cooperation of internal
    and external auditors.
-   Reducing risk of information technology --> advise management about
    practices of strategic approach
-   Strategic development plan --> strategic plan for implementation of IT
-   Shows how much management cares about establishment of effective
    systems of internal controls

                                                                                18
Levels of IT audit implementation in
                                       Bosnia and Herzegovina




CobiT & problems?
- Small amount of developed IT organizations mature enough to
  implement
- Areas of banking and financial activities
- Insufficient institutionalized encouragement
- COBIT framework must be adapted to use in each individual
  organization (if we are using it to improve processes)
- Change in mindset, orientation and training of organization and
  its employees
- „ community of auditors „

                                                                         19
Levels of IT audit implementation in
                                     Bosnia and Herzegovina




Improvements & suggestions
- Not perfect but clear improvements can be seen
- Increase popularity of www.itrevizija.ba
- Training, on-line educations, consultant
  lectures, presentations, case studies, etc.
- Benefits of organizing first IT auditing conference
- Clearer understanding of risk, development of audit programs
- Promotion of the frameworks within auditing community
- Experiences and examples from similar countries and European
  Union

                                                                       20
Levels of IT audit implementation in
                                         Bosnia and Herzegovina




Publication
- Research document prepared for all interested individuals
- Free publication available on www.itrevizija.ba
- Extremely positive comments from leading experts so far
- Possibility of publishing results and publication by Institute of
  Internal Auditors (IIA BiH)
- Invitation to write 2-3 part article about IT auditing with
  research results in leading accounting and auditing magazine
  „Porezni savjetnik“ – Tax advisor


                                                                           21
Thank you for attention!



       Nermin Ćatović

                           22
Reviewer’s questions:



      Other questions?

                        23
Levels of IT audit implementation in
                                  Bosnia and Herzegovina




Question 1: What do you think is the most interesting
result from your survey from the B&H IT industry point
of view? Support it with some sound arguments.

Question 2. Was the number of completely filled
surveys high enough for achieving some sound
statistical results?



                                                                    24
Levels of IT audit implementation in
                                                    Bosnia and Herzegovina



Question P5.4: How important is     IT risk management to your
organization?     2012                                         2009


            0%
           4% 4% 4%
                                                                      14%         5%
                            Not important at all
                      20%   Not very important      48%
                                                                                  9%
                            Not sure
                            Somewhat important
                                                                            24%
                            Very important
     68%                    I don't know




                                                                                       25
Levels of IT audit implementation in
                                             Bosnia and Herzegovina



Question 1: What do you think is the most interesting result from your
survey from the B&H IT industry point of view? Support it with some
sound arguments.

According to a 2009 survey of 280 audit committee members conducted by
KPMG in conjunction with the National Association of Corporate
Directors, IT risk is a key area of concern.

Banking sector – huge risks (cyber attacks) – constant increase
- Lack of legislations – REDUCING RISK takes an essential role
- Realization that IT risk management is crucial in protecting their assets
- Corporate risk management – clearly part of internal controls
- Provides guidance to help executives and management ask the key
   questions, make better, more informed risk-adjusted decisions and guide
   their enterprises so risk is managed effectively
- Helps save time, cost and effort with tools to address business risks
                                                                               26
Levels of IT audit implementation in
                                               Bosnia and Herzegovina



Question 2. Was the number of completely filled surveys high enough for
achieving some sound statistical results?

-   Undeveloped IT community
-   Basic statistical data
-   2009 research 27 filled questionnaires | 2012 research 25 filled
-   Physical presence and deep networking abilities crucial for obtaining
    data
-   Professional encouragement from experts
-   Advices of how to improve future version of research – EMPHASIS on
    larger group of experts and individual question relationships (
    multivariable statistical analysis)

-   Personal opinion – IT CAN/MUST BE IMPROVED
-   „ Research V2 „ - extensive research on this topic (from inside industry
    /profession)
                                                                                 27

More Related Content

Viewers also liked

Presentation1
Presentation1Presentation1
Presentation1
Bruno Boksic
 
New year in...
New year in...New year in...
New year in...
eharutyunyan00
 
Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”
Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”
Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”
UNESCO Venice Office
 
Bosnia pp2
Bosnia pp2Bosnia pp2
Bosnia pp2
Shelbz
 
25 Macedonia events 2016
25 Macedonia events 2016 25 Macedonia events 2016
25 Macedonia events 2016
Plan 5 d.o.o.
 
25 Bosnia & Herzegovina Events in 2016
25 Bosnia & Herzegovina Events in 201625 Bosnia & Herzegovina Events in 2016
25 Bosnia & Herzegovina Events in 2016
Plan 5 d.o.o.
 
Bosnia and Herzegovina - Introducing the Heart-Shaped Country
Bosnia and Herzegovina - Introducing the Heart-Shaped CountryBosnia and Herzegovina - Introducing the Heart-Shaped Country
Bosnia and Herzegovina - Introducing the Heart-Shaped Country
Amel Kovacevic
 
Bosnia And Herzegovina by Sanjin Hadziomerovic
Bosnia And Herzegovina by Sanjin HadziomerovicBosnia And Herzegovina by Sanjin Hadziomerovic
Bosnia And Herzegovina by Sanjin Hadziomerovic
guestc2eb53
 

Viewers also liked (8)

Presentation1
Presentation1Presentation1
Presentation1
 
New year in...
New year in...New year in...
New year in...
 
Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”
Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”
Bosnia and Hezegovina - “Intangible Cultural Heritage: Bosnia and Herzegovina”
 
Bosnia pp2
Bosnia pp2Bosnia pp2
Bosnia pp2
 
25 Macedonia events 2016
25 Macedonia events 2016 25 Macedonia events 2016
25 Macedonia events 2016
 
25 Bosnia & Herzegovina Events in 2016
25 Bosnia & Herzegovina Events in 201625 Bosnia & Herzegovina Events in 2016
25 Bosnia & Herzegovina Events in 2016
 
Bosnia and Herzegovina - Introducing the Heart-Shaped Country
Bosnia and Herzegovina - Introducing the Heart-Shaped CountryBosnia and Herzegovina - Introducing the Heart-Shaped Country
Bosnia and Herzegovina - Introducing the Heart-Shaped Country
 
Bosnia And Herzegovina by Sanjin Hadziomerovic
Bosnia And Herzegovina by Sanjin HadziomerovicBosnia And Herzegovina by Sanjin Hadziomerovic
Bosnia And Herzegovina by Sanjin Hadziomerovic
 

Similar to Levels of IT audit implementation in Bosnia and Herzegovina

Management With Next Gen Executive Information Systems
Management With Next Gen Executive Information SystemsManagement With Next Gen Executive Information Systems
Management With Next Gen Executive Information Systems
Computer Aid, Inc
 
Cio software testing_survey
Cio software testing_surveyCio software testing_survey
Cio software testing_survey
Transition Consulting Limited, India
 
IT Infrastructure - Importance of IT to Business
IT Infrastructure - Importance of IT to BusinessIT Infrastructure - Importance of IT to Business
PwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValuePwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital Value
Eileen Chan
 
Web Analytics Demystified - Competing On Web Analtytics
Web Analytics Demystified - Competing On Web AnaltyticsWeb Analytics Demystified - Competing On Web Analtytics
Web Analytics Demystified - Competing On Web Analtytics
eefsafe
 
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven JourneyBusiness Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
Rob Williams
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?
Eryk Budi Pratama
 
Hawaii OIMT presentation
Hawaii OIMT presentationHawaii OIMT presentation
Hawaii OIMT presentation
Honolulu Civil Beat
 
FreeBalance-ABFM-2011-Budget-2.0
FreeBalance-ABFM-2011-Budget-2.0FreeBalance-ABFM-2011-Budget-2.0
FreeBalance-ABFM-2011-Budget-2.0
FreeBalance
 
Megatrends: Shaping the Future
Megatrends: Shaping the FutureMegatrends: Shaping the Future
Megatrends: Shaping the Future
Digital October
 
CIO Summit 2013 - Mc Nally
CIO Summit 2013 - Mc Nally  CIO Summit 2013 - Mc Nally
CIO Summit 2013 - Mc Nally
CIOsummit
 
CIO Summit 2013 - David McNally
CIO Summit 2013 - David McNallyCIO Summit 2013 - David McNally
CIO Summit 2013 - David McNally
IDGnederland
 
US Market Study
US Market StudyUS Market Study
US Market Study
Tathagat Banerjee
 
Improving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business IntelligenceImproving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business Intelligence
FindWhitePapers
 
Enterprise 2.0 Survey Finland 2010
Enterprise 2.0 Survey Finland 2010Enterprise 2.0 Survey Finland 2010
Enterprise 2.0 Survey Finland 2010
Magdalena Pawlowicz
 
The impact of information technology on external audit fees a field study i...
The impact of information technology on external audit fees   a field study i...The impact of information technology on external audit fees   a field study i...
The impact of information technology on external audit fees a field study i...
Alexander Decker
 
David johnnie
David johnnieDavid johnnie
David johnnie
martha cortez
 
IT-BPO Situationer and ICT Industry Development Programs
IT-BPO Situationer and ICT Industry Development ProgramsIT-BPO Situationer and ICT Industry Development Programs
IT-BPO Situationer and ICT Industry Development Programs
Arangkada Philippines
 
A Guide To IT Compliance Assessment And Management
A Guide To IT Compliance Assessment And ManagementA Guide To IT Compliance Assessment And Management
A Guide To IT Compliance Assessment And Management
Skillmine Technology Consulting
 
IoT: Powering the Future of Business and Improving Everyday Life
IoT: Powering the Future of Business and Improving Everyday LifeIoT: Powering the Future of Business and Improving Everyday Life
IoT: Powering the Future of Business and Improving Everyday Life
Cognizant
 

Similar to Levels of IT audit implementation in Bosnia and Herzegovina (20)

Management With Next Gen Executive Information Systems
Management With Next Gen Executive Information SystemsManagement With Next Gen Executive Information Systems
Management With Next Gen Executive Information Systems
 
Cio software testing_survey
Cio software testing_surveyCio software testing_survey
Cio software testing_survey
 
IT Infrastructure - Importance of IT to Business
IT Infrastructure - Importance of IT to BusinessIT Infrastructure - Importance of IT to Business
IT Infrastructure - Importance of IT to Business
 
PwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValuePwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital Value
 
Web Analytics Demystified - Competing On Web Analtytics
Web Analytics Demystified - Competing On Web AnaltyticsWeb Analytics Demystified - Competing On Web Analtytics
Web Analytics Demystified - Competing On Web Analtytics
 
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven JourneyBusiness Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?
 
Hawaii OIMT presentation
Hawaii OIMT presentationHawaii OIMT presentation
Hawaii OIMT presentation
 
FreeBalance-ABFM-2011-Budget-2.0
FreeBalance-ABFM-2011-Budget-2.0FreeBalance-ABFM-2011-Budget-2.0
FreeBalance-ABFM-2011-Budget-2.0
 
Megatrends: Shaping the Future
Megatrends: Shaping the FutureMegatrends: Shaping the Future
Megatrends: Shaping the Future
 
CIO Summit 2013 - Mc Nally
CIO Summit 2013 - Mc Nally  CIO Summit 2013 - Mc Nally
CIO Summit 2013 - Mc Nally
 
CIO Summit 2013 - David McNally
CIO Summit 2013 - David McNallyCIO Summit 2013 - David McNally
CIO Summit 2013 - David McNally
 
US Market Study
US Market StudyUS Market Study
US Market Study
 
Improving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business IntelligenceImproving Organizational Performance Through Pervasive Business Intelligence
Improving Organizational Performance Through Pervasive Business Intelligence
 
Enterprise 2.0 Survey Finland 2010
Enterprise 2.0 Survey Finland 2010Enterprise 2.0 Survey Finland 2010
Enterprise 2.0 Survey Finland 2010
 
The impact of information technology on external audit fees a field study i...
The impact of information technology on external audit fees   a field study i...The impact of information technology on external audit fees   a field study i...
The impact of information technology on external audit fees a field study i...
 
David johnnie
David johnnieDavid johnnie
David johnnie
 
IT-BPO Situationer and ICT Industry Development Programs
IT-BPO Situationer and ICT Industry Development ProgramsIT-BPO Situationer and ICT Industry Development Programs
IT-BPO Situationer and ICT Industry Development Programs
 
A Guide To IT Compliance Assessment And Management
A Guide To IT Compliance Assessment And ManagementA Guide To IT Compliance Assessment And Management
A Guide To IT Compliance Assessment And Management
 
IoT: Powering the Future of Business and Improving Everyday Life
IoT: Powering the Future of Business and Improving Everyday LifeIoT: Powering the Future of Business and Improving Everyday Life
IoT: Powering the Future of Business and Improving Everyday Life
 

Recently uploaded

RDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEWRDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEW
Murugan Solaiyappan
 
FINAL MATATAG Kindergarten CG 2023 pdf
FINAL MATATAG Kindergarten CG 2023   pdfFINAL MATATAG Kindergarten CG 2023   pdf
FINAL MATATAG Kindergarten CG 2023 pdf
maricelrudela
 
ASP.NET Core Interview Questions PDF By ScholarHat.pdf
ASP.NET Core Interview Questions PDF By ScholarHat.pdfASP.NET Core Interview Questions PDF By ScholarHat.pdf
ASP.NET Core Interview Questions PDF By ScholarHat.pdf
Scholarhat
 
C# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdfC# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdf
Scholarhat
 
CTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDFCTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDF
hammadmughal76316
 
Power of Ignored Skills: Change the Way You Think and Decide by Manoj Tripathi
Power of Ignored Skills: Change the Way You Think and Decide by Manoj TripathiPower of Ignored Skills: Change the Way You Think and Decide by Manoj Tripathi
Power of Ignored Skills: Change the Way You Think and Decide by Manoj Tripathi
Pankaj523992
 
Introduction to Banking System in India.ppt
Introduction to Banking System in India.pptIntroduction to Banking System in India.ppt
Introduction to Banking System in India.ppt
Dr. S. Bulomine Regi
 
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.pptFEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
JenezarieTarra1
 
How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17
Celine George
 
How to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POSHow to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POS
Celine George
 
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ..."DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
thanhluan21
 
matatag curriculum education for Kindergarten
matatag curriculum education for Kindergartenmatatag curriculum education for Kindergarten
matatag curriculum education for Kindergarten
SarahAlie1
 
E-learning Odoo 17 New features - Odoo 17 Slides
E-learning Odoo 17  New features - Odoo 17 SlidesE-learning Odoo 17  New features - Odoo 17 Slides
E-learning Odoo 17 New features - Odoo 17 Slides
Celine George
 
How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17
Celine George
 
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 SlidesHow to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
Celine George
 
What is Packaging of Products in Odoo 17
What is Packaging of Products in Odoo 17What is Packaging of Products in Odoo 17
What is Packaging of Products in Odoo 17
Celine George
 
modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254
NurFitriah45
 
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Murugan Solaiyappan
 
How to Manage Early Receipt Printing in Odoo 17 POS
How to Manage Early Receipt Printing in Odoo 17 POSHow to Manage Early Receipt Printing in Odoo 17 POS
How to Manage Early Receipt Printing in Odoo 17 POS
Celine George
 
modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025
NurFitriah45
 

Recently uploaded (20)

RDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEWRDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEW
 
FINAL MATATAG Kindergarten CG 2023 pdf
FINAL MATATAG Kindergarten CG 2023   pdfFINAL MATATAG Kindergarten CG 2023   pdf
FINAL MATATAG Kindergarten CG 2023 pdf
 
ASP.NET Core Interview Questions PDF By ScholarHat.pdf
ASP.NET Core Interview Questions PDF By ScholarHat.pdfASP.NET Core Interview Questions PDF By ScholarHat.pdf
ASP.NET Core Interview Questions PDF By ScholarHat.pdf
 
C# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdfC# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdf
 
CTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDFCTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDF
 
Power of Ignored Skills: Change the Way You Think and Decide by Manoj Tripathi
Power of Ignored Skills: Change the Way You Think and Decide by Manoj TripathiPower of Ignored Skills: Change the Way You Think and Decide by Manoj Tripathi
Power of Ignored Skills: Change the Way You Think and Decide by Manoj Tripathi
 
Introduction to Banking System in India.ppt
Introduction to Banking System in India.pptIntroduction to Banking System in India.ppt
Introduction to Banking System in India.ppt
 
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.pptFEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
FEELINGS AND EMOTIONS INSIDE OUT MOVIE.ppt
 
How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17How to Create a New Article in Knowledge App in Odoo 17
How to Create a New Article in Knowledge App in Odoo 17
 
How to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POSHow to Manage Line Discount in Odoo 17 POS
How to Manage Line Discount in Odoo 17 POS
 
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ..."DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
 
matatag curriculum education for Kindergarten
matatag curriculum education for Kindergartenmatatag curriculum education for Kindergarten
matatag curriculum education for Kindergarten
 
E-learning Odoo 17 New features - Odoo 17 Slides
E-learning Odoo 17  New features - Odoo 17 SlidesE-learning Odoo 17  New features - Odoo 17 Slides
E-learning Odoo 17 New features - Odoo 17 Slides
 
How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17How to Manage Access Rights & User Types in Odoo 17
How to Manage Access Rights & User Types in Odoo 17
 
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 SlidesHow to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
 
What is Packaging of Products in Odoo 17
What is Packaging of Products in Odoo 17What is Packaging of Products in Odoo 17
What is Packaging of Products in Odoo 17
 
modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254modul ajar kelas x bahasa inggris 24/254
modul ajar kelas x bahasa inggris 24/254
 
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
 
How to Manage Early Receipt Printing in Odoo 17 POS
How to Manage Early Receipt Printing in Odoo 17 POSHow to Manage Early Receipt Printing in Odoo 17 POS
How to Manage Early Receipt Printing in Odoo 17 POS
 
modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025
 

Levels of IT audit implementation in Bosnia and Herzegovina

  • 1. Master Thesis Presentation Levels of IT audit implementation in Bosnia and Herzegovina Student: Supervisor: Nermin Ćatović Ing. Pavel Ĉech, Ph.D. 1
  • 2. Levels of IT audit implementation in Bosnia and Herzegovina IT auditing is the evaluation of IT, practices and operations to assure the integrity of an entity’s information. Such evaluation can include assessment of the efficiency, effectiveness, and economy of computer-based practices. Derived as an enhancement / support to financial auditing Today – important role in modern business 2
  • 3. Levels of IT audit implementation in Bosnia and Herzegovina Background - Early stages of development in Bosnia and Herzegovina - Chances of huge impact on profession - No ISACA Chapter formed – only 24 registered members - EU integrations will require introduction of legislations - Two legislations in 2012 which change future of IT auditing (another two in preparation!): - Decision of Minimum Standards of Information System Management - Decision on Minimum Standards of Externalization/Outsourcing 3
  • 4. Levels of IT audit implementation in Bosnia and Herzegovina Goals and objectives - Determine and confirm needs for legal legislations - Awakening of consciousness about IT auditing - Determine levels of international standard and framework implementation so far - Awareness of companies - Needs to control and monitor processes are critical to business development 4
  • 5. Levels of IT audit implementation in Bosnia and Herzegovina Hypothesis Growing awareness on the evaluation of information technologies to support modern business and objectives in Bosnia and Herzegovina is changing. This opinion and awareness requires implementation of international standards and frameworks related to control and auditing, risk management, performance measures through adoption of legislatures which are necessary to establish higher level of decision making in management. Research will try to prove positive changes and evolution of information technology auditing compared to previous years. 5
  • 6. Levels of IT audit implementation in Bosnia and Herzegovina Research - February 2012 ( opened for 1 month) - Email list based on previous contacts and use of LinkedIn group – IT revizija - Aimed focus group of 37 people 25 fully filled surveys (67% of aimed number) Easy-to-use filling form on www.itrevizija.ba 6
  • 7. Levels of IT audit implementation in Bosnia and Herzegovina Research concept was based on 6 parts which include 28 questions: – Profile – Company IT profile – Significance and benefits of information technology – IT problems and potential solutions – Awareness and usage of IT Governance frameworks – Awareness and usage of CobiT - Results which prove hypothesis will be shown - Comparison to similar research from 2009 7
  • 8. Levels of IT audit implementation in Bosnia and Herzegovina Question P1.3 : Please indicate Question P1.1: Please indicate position which group does your company within the organization? belong to. P1.3 Internal Auditors, IT security officer, Internal IT auditors, Head of IT department, 20% 20% Auditor, Deputy CEO, IT Supervisor, Project Manager, 0% 4% Assistant IT auditor, CSO, 12% CIO, IT Department Director, IT Project manager, Assistant Professor 44% Limited Liability Company (d.o.o. BiH) Financial Institution Corporation (joint-stock) Public institution or company Nonprofit organization Budget user 8
  • 9. Levels of IT audit implementation in Bosnia and Herzegovina Question P3.2: How strongly would you agree or disagree that IT investments have created value for your organization? P3.2 * proof how IT gives out 0% 0% additional, competitive value 12% Absolutely agree 16% Agree Partly agree Strong disagree 72% I don't know 9
  • 10. Levels of IT audit implementation in Bosnia and Herzegovina Question P3.4: Of these, which is the most important item in the management of IT activities of your organization? P3.4 0% Avoidance of negative incidents 0% 8% 4% Ensuring that the current IT functionality 16% is in compliance with current business needs Achieving a better balance between innovation and risk avoidance Alignment with business and/or legal regulations 72% I don't know 10
  • 11. Levels of IT audit implementation in Bosnia and Herzegovina Question P3.7: To what extent does your IT department support the business needs? P3.7 0% 0% 4% Does not support at all Does not support enough 32% Supports up to some limit Extremely supports I don't know 64% 11
  • 12. Levels of IT audit implementation in Bosnia and Herzegovina Comparison to 2009 research - basis in similar research from 2009 - clear goal of proving hypothesis and positive changes - MSc. Amra Alagid currently works at Federal Banking Agency (B&H) - best way of determining changes - questions that show difference 12
  • 13. Levels of IT audit implementation in Bosnia and Herzegovina Question P2.4: How would you describe Management's level of involvement in IT governance? 2012 2009 0% Low level of 8% 8% engagement 8% Are informed, but 9% 17% not included 20% 22% Participate in 17% decision making Key people in decision making 35% Fully involved 56% I don't know 13
  • 14. Levels of IT audit implementation in Bosnia and Herzegovina Question P3.8: How would you describe the fit or alignment between your IT strategy and your organization’s overall business strategy? 2012 2009. Very poor 0% 0% 0% 4% Poor 4% 9% 4% 17% Average 20% 31% 44% Good 39% Very good I don't know 28% We don't have IT strategy 14
  • 15. Levels of IT audit implementation in Bosnia and Herzegovina Question P5.2: Have you implemented, are you in the process of implementing or are you considering implementing improved IT governance practices? 2012 2009. Not considering implementation 4% 13% Considering 11% implementation 28% 25% 12% 28% In the process of implementing 33% Have implemented 46% I don't know 15
  • 16. Levels of IT audit implementation in Bosnia and Herzegovina Question P5.3: What solutions/frameworks do you use, are you considering using or not using? 2012 ISO security standards – 55% using, 25% considering implementing 2009 ISO security standards – 17% implemented 2012 COBIT framework – 56,5% using, 13% consider implementing 2009 (4th place) COBIT framework – 11% implemented Interesting data obtained is that 38% of respondents are mostly interested and considering implementation of Val IT, but only 9.5% of them are using it which is nearly the same number as from 2009 (9%). 16
  • 17. Levels of IT audit implementation in Bosnia and Herzegovina Question P6.2: Are you personally aware of the contents of COBIT? 2012 2009. 9% 4% 25% Yes No 75% 87% I don't know 17
  • 18. Levels of IT audit implementation in Bosnia and Herzegovina Research results - conclusions - Research that was conducted on the territory of Bosnia and Herzegovina has shown satisfactory conditions - Respondents consider IT generally important for their business - Follow practices of developed countries - Implementation of good practices through intensive cooperation of internal and external auditors. - Reducing risk of information technology --> advise management about practices of strategic approach - Strategic development plan --> strategic plan for implementation of IT - Shows how much management cares about establishment of effective systems of internal controls 18
  • 19. Levels of IT audit implementation in Bosnia and Herzegovina CobiT & problems? - Small amount of developed IT organizations mature enough to implement - Areas of banking and financial activities - Insufficient institutionalized encouragement - COBIT framework must be adapted to use in each individual organization (if we are using it to improve processes) - Change in mindset, orientation and training of organization and its employees - „ community of auditors „ 19
  • 20. Levels of IT audit implementation in Bosnia and Herzegovina Improvements & suggestions - Not perfect but clear improvements can be seen - Increase popularity of www.itrevizija.ba - Training, on-line educations, consultant lectures, presentations, case studies, etc. - Benefits of organizing first IT auditing conference - Clearer understanding of risk, development of audit programs - Promotion of the frameworks within auditing community - Experiences and examples from similar countries and European Union 20
  • 21. Levels of IT audit implementation in Bosnia and Herzegovina Publication - Research document prepared for all interested individuals - Free publication available on www.itrevizija.ba - Extremely positive comments from leading experts so far - Possibility of publishing results and publication by Institute of Internal Auditors (IIA BiH) - Invitation to write 2-3 part article about IT auditing with research results in leading accounting and auditing magazine „Porezni savjetnik“ – Tax advisor 21
  • 22. Thank you for attention! Nermin Ćatović 22
  • 23. Reviewer’s questions: Other questions? 23
  • 24. Levels of IT audit implementation in Bosnia and Herzegovina Question 1: What do you think is the most interesting result from your survey from the B&H IT industry point of view? Support it with some sound arguments. Question 2. Was the number of completely filled surveys high enough for achieving some sound statistical results? 24
  • 25. Levels of IT audit implementation in Bosnia and Herzegovina Question P5.4: How important is IT risk management to your organization? 2012 2009 0% 4% 4% 4% 14% 5% Not important at all 20% Not very important 48% 9% Not sure Somewhat important 24% Very important 68% I don't know 25
  • 26. Levels of IT audit implementation in Bosnia and Herzegovina Question 1: What do you think is the most interesting result from your survey from the B&H IT industry point of view? Support it with some sound arguments. According to a 2009 survey of 280 audit committee members conducted by KPMG in conjunction with the National Association of Corporate Directors, IT risk is a key area of concern. Banking sector – huge risks (cyber attacks) – constant increase - Lack of legislations – REDUCING RISK takes an essential role - Realization that IT risk management is crucial in protecting their assets - Corporate risk management – clearly part of internal controls - Provides guidance to help executives and management ask the key questions, make better, more informed risk-adjusted decisions and guide their enterprises so risk is managed effectively - Helps save time, cost and effort with tools to address business risks 26
  • 27. Levels of IT audit implementation in Bosnia and Herzegovina Question 2. Was the number of completely filled surveys high enough for achieving some sound statistical results? - Undeveloped IT community - Basic statistical data - 2009 research 27 filled questionnaires | 2012 research 25 filled - Physical presence and deep networking abilities crucial for obtaining data - Professional encouragement from experts - Advices of how to improve future version of research – EMPHASIS on larger group of experts and individual question relationships ( multivariable statistical analysis) - Personal opinion – IT CAN/MUST BE IMPROVED - „ Research V2 „ - extensive research on this topic (from inside industry /profession) 27