SlideShare a Scribd company logo

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx

Download as DOCX, PDF
J
joellemurphey

Running head: AUDITING INFORMATION SYSTEMS PROCESS 1 AUDITING INFORMATION SYSTEMS PROCESS 2 Auditing information systems process Student’s Name University Affiliation Process of Auditing information systems Information system is the livelihood of every huge company. As it has been in the past years, computer systems don’t simply document transactions of business, rather essentially compel the main business procedures of the venture. In this kind of a situation, superior administration and company managers usually have worries concerning an information system. assessment is a methodical process in which a proficient, autonomous person impartially gets and assesses proof concerning affirmations about a financial unit or occasion with the intent to outline an outlook about and giving feedback on the extent in which the contention matches an acknowledged standards set. information systems auditing refers to the administration controls assessment inside the communications of Information Technology. The obtained proof valuation is used to decide if systems of information are defensive assets, maintenance reliability of data, and also if they are efficiently operating in order to attain organization’s goals or objectives (Hoelzer, 2009). Auditing of Information Systems has become an essential part of business organization in both large and small business environments. This paper examines the preliminary points for carrying out and Information system audit and some of the, techniques, tools, guidelines and standards that can be employed to build, manage, and examine the review function. The Certified Information Systems Auditor (CISA) qualifications is recognized worldwide as a standard of accomplishment for those who assess, monitor, control and audit the information technology of an organization and business systems. Information Systems experts with a concern in information systems security, control and audit. At least five years of specialized information systems security, auditing and control work practice is necessary for certification. An audit contract should be present to evidently state the responsibility of the management, purpose for, in addition to designation of power to audit of Information System . The audit contract should also summarize the general right, responsibilities and scope of the purpose of audit. The uppermost level of management should endorse the contract and on one occasion it is set up, this contract is supposed to be distorted merely if the amendment is and might be meticulously defensible. The process of auditing information systems involves;- Audit Function Management; this process includes assessment which is systematic of policies and methods of management of the organization in managemen ...

Education
1 of 9
Running head: AUDITING INFORMATION SYSTEMS PROCESS 1 AUDITING INFORMATION SYSTEMS PROCESS 2 Auditing information systems process Student’s Name University Affiliation Process of Auditing information systems Information system is the livelihood of every huge company. As it has been in the past years, computer systems don’t simply document transactions of business, rather essentially compel the main business procedures of the venture. In this kind of a situation, superior administration and company managers usually have worries concerning an information system. assessment is a methodical process in which a proficient, autonomous person impartially gets and assesses proof concerning affirmations about a financial unit or occasion with the intent to outline an outlook about and giving feedback on the extent in which the contention matches an acknowledged standards set. information systems auditing refers to the administration controls assessment inside the communications of Information Technology. The obtained proof valuation is used to decide if systems of information are defensive assets, maintenance reliability of data, and also if they are efficiently operating in order to attain organization’s goals or objectives (Hoelzer, 2009).
Auditing of Information Systems has become an essential part of business organization in both large and small business environments. This paper examines the preliminary points for carrying out and Information system audit and some of the, techniques, tools, guidelines and standards that can be employed to build, manage, and examine the review function. The Certified Information Systems Auditor (CISA) qualifications is recognized worldwide as a standard of accomplishment for those who assess, monitor, control and audit the information technology of an organization and business systems. Information Systems experts with a concern in information systems security, control and audit. At least five years of specialized information systems security, auditing and control work practice is necessary for certification. An audit contract should be present to evidently state the responsibility of the management, purpose for, in addition to designation of power to audit of Information System . The audit contract should also summarize the general right, responsibilities and scope of the purpose of audit. The uppermost level of management should endorse the contract and on one occasion it is set up, this contract is supposed to be distorted merely if the amendment is and might be meticulously defensible. The process of auditing information systems involves;- Audit Function Management; this process includes assessment which is systematic of policies and methods of management of the organization in management and utilization of resources, improvement of organization and employee, strategic and tactical planning. The main goals are to establish the present effectiveness level, suggesting improvements and putting down standards for performance in future. Standards of Assurance, IT Audit and Guidelines; these involve the relationships between standards, tools, guidelines and techniques. It also comprises of the assurance framework of Information technology among other standards. They describe a
framework of guidance and standards which relates to performance and acceptance of assurance activities and auditing (John, 2007). Risk Analysis; thisinvolves identifying specific risks that might be faced by the information system of the organization and establish the impacts, occurrence likelihood, severity and priority and recommendations of strategies of mitigation. Internal Controls; these are actions that the management and other groups take for risk management and increase the possibility that the identified goals and objectives will be attained. Perform an Information System Audit; this process involves the evaluation of weaknesses and strengths of the audit, testing, sampling, recommendation implementation of the management and communicating the results of the audit, among others (Richard, 2007). The function of audit of Information System is to evaluate and offer suggestions, reassurance in addition to feedback. These apprehensions may be categorized in three wide categories: · accessibility: This entails whether the information scheme which the organization greatly depends on will be accessible for the company during all the occasions when needed. It also answers questions like whether the whole of the system is well protected against all kinds of disasters and losses. · discretion: This concerns whether the data inside the system will be revealed solitary to the people who are in need to see it and utilize it but not to everyone else.
· reliability: This entails whether the data offered by the system will at all times be timely, dependable in addition to being accurate. It also makes sure that there is no illegal alteration that could be carried out on the software or else the data inside the system. The advantages of review can be categorized into four groups which include: · Strategic Benefits. Reliability of information formed by the business. Improved client assurance. · Operational advantages. Improved worker Morale in addition to Productivity. Reliability of Data makes it possible for Management to formulate accurate and informed choices. · economic Benefits. Improved Performance of the hardware. prices of burglary of Information System property are condensed. · technological Benefits. Organization choices regarding Computer generated information are consistent. Company associates trust the Organization’s administration distribution in addition to control of susceptible Data. ASPECTS OF INFORMATION SYSTEM AUDIT: information systems are not merely processors. present information systems have become intricate and contain many constituents which come together to build a company resolution (Weber, 2002). Reassurance about information systems could be
attained simply if every constituent is assessed and protected. The main aspects of Information Systems review could be largely categorized into: · Environmental and physical evaluation which consists of humidity control, air conditioning, power supply, physical security in addition to other ecological aspects. · system management evaluation: system management evaluation entails safety evaluation regarding the database administration schemes, operating structures and each and every system management compliance along with procedures. · appliance software evaluation. The appliance of the business can be an enterprise resource planning system, a web based client order processing system, invoicing or a payroll scheme that essentially operates the company. The evaluation of such appliance software would include corresponding manual procedures and controls, business procedures within the application software, mistake and exception handling, validations, authorizations and access control. In addition, an evaluation of the scheme development lifecycle is supposed to be accomplished. · system security evaluation. The typical areas covered by this review include the evaluation of the external and internal connections to the system, intrusion detection and port scanning, router admission control lists, review of the firewall and boundary security. · Business permanence review. Business permanence review entails maintenance plus existence of error lenient and superfluous hardware, backing storage, procedures plus tested disaster and documented business or recovery stability arrange.
· information reliability evaluation. The intention of this examination of live information is for confirming the impact of weaknesses in addition to sufficiency of controls like observed on or after one of the previous evaluations. Such substantial investigation can be carried out using a software for comprehensive auditing. for instance PC aided review procedures (Weber, 2002). It can be imperative appreciating that every review may have all of these aspects in different extents. various auditors may examine just one of the aspects and leave the other aspects. However, it is essential to carry out all the aspects though it is not compulsory to carry out all of them in one task. The set of skills that is needed for every of these aspects is dissimilar. The outcomes on every review require not to be perceived in relation to another. This allows the examiner and the administration to obtain the full scrutiny of problems and concerns. This review is very important. All these aspects require to be tackled in order to give the administration an apparent evaluation of the scheme. For instance, appliance software can be fine planned and executed with all the safety characteristics, and the defaulting user secret code inside the working system utilized on the server could not have been altered, thus permitting somebody to see the records files openly. a circumstance like this contradicts whatsoever precautions that was constructed into the appliance. similarly, technological system safety and firewalls might have been executed thoroughly, excluding the access controls and task definitions in the application software might have also been inadequately planned and executed where making use of the client IDs, workers might get to see vital and delicate data far ahead of their positions (Weber, 2002).. We should also appreciate that every examination might entail these aspects in different actions. Some reviews may inspect just one of the aspects or leave some of the aspects. It is however necessary to to carry out all of these aspects but it is not compulsory to carry out all of them in a single task. The set
of skills needed for every aspect is dissimilar. The outcomes of each review should not be perceived the same as another. This will allow the examiner and the administration to get a complete view of concerns and difficulties. This review is very significant. threat based Approacheach organization utilizes several of systems of information. There might be diverse functions for diverse activities in addition to functions and there might be various workstation installations at diverse physical positions. The examiner is confronted with the difficulties of what to audit, at what time in addition to how regularly he should do so. The response to all this is to implement an approach that is threat based. whereas there are hazards intrinsic to the systems, the hazards crash diverse schemes in diverse ways. hazards of no availability can be severe even if it happens for an hour (Weber, 2002). hazards of illegal alteration could be a basis to potential losses as well as frauds to online bank system. A bunch dispensation scheme or an information merging system might be comparatively a little more susceptible to a number of these perils. The industrial surroundings on which the scheme operate on may also have an effect on the hazard connected by the system. The procedure that could be pursued for a threat based approach to creation of an review plan include: 1. Account for the information system in exercise in the business and classify them. 2. Decide on which of the system has vital assets or functions, for examle how close to actual time they function, decision making, customers, materials and money. 3. Evaluate which hazards influence the systems and their strictness of consequence on the company.
4. Categorize the schemes on basis of the above evaluation and settle on the review frequency, schedule, assets and priority. The auditor can then come up with an annual review plan that classifies the reviews that will be carried out during the period od of time according to the plan in adition to the assets that are necessary. Groundwork before instigating a review entails gathering of background data and examining the skills plus the resources needed to perform the review. This allows employees having the correct type of proficiency to be selected to the correct task. It is at all times good to have an official review beginning convention with the top administration answerable for the section under review to conclude the extent, recognize the extraordinary problems, if present, plan the date as well as clarify on the technique for the review. conventions like this should get topr administration concerned, permit individuals to meet up with one another, explain concerns and essential company worries as well as assist the review to be performed efficiently (Weber, 2002). References Weber, R. (2002). EDP Auditing. Conceptual Foundations and Practice. Hoelzer, D. (2009). Audit Principles, Risk Assessment & Effective Reporting. SANS Press. John, B. (2007). Public Sector Auditing: Is it Value for Money? Creating a culture of compliance Richard, C. (2007). Information system auditing; Auditor's Guide to Information Systems Auditing. High Tower SoftwareZENER, B. (2012). Public Sector Auditing: SANS Press.
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx

Recommended

· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptxHardikKundra
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iiiAshish Desai
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxJoshJaro
 
Risk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachGraydon McKee
 
To meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STo meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STakishaPeck109
 
it grc
it grc it grc
it grc 9535814851
 

Recommended

· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptxHardikKundra
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iiiAshish Desai
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxJoshJaro
 
Risk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachRisk Management: A Holistic Organizational Approach
Risk Management: A Holistic Organizational ApproachGraydon McKee
 
To meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STo meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STakishaPeck109
 
it grc
it grc it grc
it grc 9535814851
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.renetta
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computingguestc1bca2
 
Unit Iii
Unit IiiUnit Iii
Unit IiiRam Dutt Shukla
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components iiAshish Desai
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptxJunaidAhmed976315
 
Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lessonAnne ndolo
 
Security audit
Security auditSecurity audit
Security auditRosaria Dee
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38Rick Lemieux
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
Successful preparation for regulatory inspections of computerized systems in ...
Successful preparation for regulatory inspections of computerized systems in ...Successful preparation for regulatory inspections of computerized systems in ...
Successful preparation for regulatory inspections of computerized systems in ...ARITHMOS
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Information system implementation, change management and control
Information system implementation, change management and controlInformation system implementation, change management and control
Information system implementation, change management and controlShruti Pendharkar
 
Building Information System
Building Information SystemBuilding Information System
Building Information SystemRabia Jabeen
 
OverviewYou have been hired as an auditor for a local univer.docx
OverviewYou have been hired as an auditor for a local univer.docxOverviewYou have been hired as an auditor for a local univer.docx
OverviewYou have been hired as an auditor for a local univer.docxaman341480
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal ControlsBharath Rao
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Health Informatics- Module 4-Chapter 1.pptx
Health Informatics- Module 4-Chapter 1.pptxHealth Informatics- Module 4-Chapter 1.pptx
Health Informatics- Module 4-Chapter 1.pptxArti Parab Academics
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Security Experts
 
Eastern European countries appear to have become dependent on Ru.docx
Eastern European countries appear to have become dependent on Ru.docxEastern European countries appear to have become dependent on Ru.docx
Eastern European countries appear to have become dependent on Ru.docxjoellemurphey
 
EAS 209 Second Response Paper Topic Assignment Due .docx
EAS 209 Second Response Paper Topic Assignment Due .docxEAS 209 Second Response Paper Topic Assignment Due .docx
EAS 209 Second Response Paper Topic Assignment Due .docxjoellemurphey
 

More Related Content

Similar to Running head AUDITING INFORMATION SYSTEMS PROCESS .docx

The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.renetta
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computingguestc1bca2
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components iiAshish Desai
 
Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lessonAnne ndolo
 
Successful preparation for regulatory inspections of computerized systems in ...
Successful preparation for regulatory inspections of computerized systems in ...Successful preparation for regulatory inspections of computerized systems in ...
Successful preparation for regulatory inspections of computerized systems in ...ARITHMOS
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Information system implementation, change management and control
Information system implementation, change management and controlInformation system implementation, change management and control
Information system implementation, change management and controlShruti Pendharkar
 
Building Information System
Building Information SystemBuilding Information System
Building Information SystemRabia Jabeen
 
OverviewYou have been hired as an auditor for a local univer.docx
OverviewYou have been hired as an auditor for a local univer.docxOverviewYou have been hired as an auditor for a local univer.docx
OverviewYou have been hired as an auditor for a local univer.docxaman341480
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal ControlsBharath Rao
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Health Informatics- Module 4-Chapter 1.pptx
Health Informatics- Module 4-Chapter 1.pptxHealth Informatics- Module 4-Chapter 1.pptx
Health Informatics- Module 4-Chapter 1.pptxArti Parab Academics
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Security Experts
 

Similar to Running head AUDITING INFORMATION SYSTEMS PROCESS .docx (20)

The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components ii
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
 
Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lesson
 
Security audit
Security auditSecurity audit
Security audit
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Successful preparation for regulatory inspections of computerized systems in ...
Successful preparation for regulatory inspections of computerized systems in ...Successful preparation for regulatory inspections of computerized systems in ...
Successful preparation for regulatory inspections of computerized systems in ...
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Information system implementation, change management and control
Information system implementation, change management and controlInformation system implementation, change management and control
Information system implementation, change management and control
 
Building Information System
Building Information SystemBuilding Information System
Building Information System
 
OverviewYou have been hired as an auditor for a local univer.docx
OverviewYou have been hired as an auditor for a local univer.docxOverviewYou have been hired as an auditor for a local univer.docx
OverviewYou have been hired as an auditor for a local univer.docx
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
Health Informatics- Module 4-Chapter 1.pptx
Health Informatics- Module 4-Chapter 1.pptxHealth Informatics- Module 4-Chapter 1.pptx
Health Informatics- Module 4-Chapter 1.pptx
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
 

More from joellemurphey

Eastern European countries appear to have become dependent on Ru.docx
Eastern European countries appear to have become dependent on Ru.docxEastern European countries appear to have become dependent on Ru.docx
Eastern European countries appear to have become dependent on Ru.docxjoellemurphey
 
EAS 209 Second Response Paper Topic Assignment Due .docx
EAS 209 Second Response Paper Topic Assignment Due .docxEAS 209 Second Response Paper Topic Assignment Due .docx
EAS 209 Second Response Paper Topic Assignment Due .docxjoellemurphey
 
Earth Science LabIn what order do materials settle in waterSo t.docx
Earth Science LabIn what order do materials settle in waterSo t.docxEarth Science LabIn what order do materials settle in waterSo t.docx
Earth Science LabIn what order do materials settle in waterSo t.docxjoellemurphey
 
EarlyIntervention Strategies Paper (15 points)The pu.docx
EarlyIntervention Strategies Paper (15 points)The pu.docxEarlyIntervention Strategies Paper (15 points)The pu.docx
EarlyIntervention Strategies Paper (15 points)The pu.docxjoellemurphey
 
Early Hominids & Australopithecus SubscribeWhat is a too.docx
Early Hominids & Australopithecus SubscribeWhat is a too.docxEarly Hominids & Australopithecus SubscribeWhat is a too.docx
Early Hominids & Australopithecus SubscribeWhat is a too.docxjoellemurphey
 
Early scholarly and philosophical manuscripts were in Greek. However.docx
Early scholarly and philosophical manuscripts were in Greek. However.docxEarly scholarly and philosophical manuscripts were in Greek. However.docx
Early scholarly and philosophical manuscripts were in Greek. However.docxjoellemurphey
 
Early Learning & Developmental Guidelines July 2017 1 .docx
Early Learning & Developmental Guidelines July 2017 1 .docxEarly Learning & Developmental Guidelines July 2017 1 .docx
Early Learning & Developmental Guidelines July 2017 1 .docxjoellemurphey
 
Early Innovations and Their Impact Today Wilbur and Orville Wrig.docx
Early Innovations and Their Impact Today Wilbur and Orville Wrig.docxEarly Innovations and Their Impact Today Wilbur and Orville Wrig.docx
Early Innovations and Their Impact Today Wilbur and Orville Wrig.docxjoellemurphey
 
Early childhood professionals have an essential role in creating.docx
Early childhood professionals have an essential role in creating.docxEarly childhood professionals have an essential role in creating.docx
Early childhood professionals have an essential role in creating.docxjoellemurphey
 
Early Constitutional ControversiesIn 1788, Alexander Hamilton and .docx
Early Constitutional ControversiesIn 1788, Alexander Hamilton and .docxEarly Constitutional ControversiesIn 1788, Alexander Hamilton and .docx
Early Constitutional ControversiesIn 1788, Alexander Hamilton and .docxjoellemurphey
 
Early Civilizations MatrixUsing your readings and outside sour.docx
Early Civilizations MatrixUsing your readings and outside sour.docxEarly Civilizations MatrixUsing your readings and outside sour.docx
Early Civilizations MatrixUsing your readings and outside sour.docxjoellemurphey
 
Early childhood teachers need to stay connected to what is occurring.docx
Early childhood teachers need to stay connected to what is occurring.docxEarly childhood teachers need to stay connected to what is occurring.docx
Early childhood teachers need to stay connected to what is occurring.docxjoellemurphey
 
Early and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docx
Early and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docxEarly and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docx
Early and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docxjoellemurphey
 
Earlier this semester, you participated in a class discussion about .docx
Earlier this semester, you participated in a class discussion about .docxEarlier this semester, you participated in a class discussion about .docx
Earlier this semester, you participated in a class discussion about .docxjoellemurphey
 
EAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docx
EAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docxEAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docx
EAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docxjoellemurphey
 
Earlean, please write these notes for me. October 01, 20181. My .docx
Earlean, please write these notes for me. October 01, 20181. My .docxEarlean, please write these notes for me. October 01, 20181. My .docx
Earlean, please write these notes for me. October 01, 20181. My .docxjoellemurphey
 
eam Assignment 4 Teaming Across Distance and Culture..docx
eam Assignment 4 Teaming Across Distance and Culture..docxeam Assignment 4 Teaming Across Distance and Culture..docx
eam Assignment 4 Teaming Across Distance and Culture..docxjoellemurphey
 
ead the following articleMother Tongue Maintenance Among North .docx
ead the following articleMother Tongue Maintenance Among North .docxead the following articleMother Tongue Maintenance Among North .docx
ead the following articleMother Tongue Maintenance Among North .docxjoellemurphey
 
eActivityGo to the United States Equal Employment Oppo.docx
eActivityGo to the United States Equal Employment Oppo.docxeActivityGo to the United States Equal Employment Oppo.docx
eActivityGo to the United States Equal Employment Oppo.docxjoellemurphey
 
Each year on or around June 15, communities and municipalities aroun.docx
Each year on or around June 15, communities and municipalities aroun.docxEach year on or around June 15, communities and municipalities aroun.docx
Each year on or around June 15, communities and municipalities aroun.docxjoellemurphey
 

More from joellemurphey (20)

Eastern European countries appear to have become dependent on Ru.docx
Eastern European countries appear to have become dependent on Ru.docxEastern European countries appear to have become dependent on Ru.docx
Eastern European countries appear to have become dependent on Ru.docx
 
EAS 209 Second Response Paper Topic Assignment Due .docx
EAS 209 Second Response Paper Topic Assignment Due .docxEAS 209 Second Response Paper Topic Assignment Due .docx
EAS 209 Second Response Paper Topic Assignment Due .docx
 
Earth Science LabIn what order do materials settle in waterSo t.docx
Earth Science LabIn what order do materials settle in waterSo t.docxEarth Science LabIn what order do materials settle in waterSo t.docx
Earth Science LabIn what order do materials settle in waterSo t.docx
 
EarlyIntervention Strategies Paper (15 points)The pu.docx
EarlyIntervention Strategies Paper (15 points)The pu.docxEarlyIntervention Strategies Paper (15 points)The pu.docx
EarlyIntervention Strategies Paper (15 points)The pu.docx
 
Early Hominids & Australopithecus SubscribeWhat is a too.docx
Early Hominids & Australopithecus SubscribeWhat is a too.docxEarly Hominids & Australopithecus SubscribeWhat is a too.docx
Early Hominids & Australopithecus SubscribeWhat is a too.docx
 
Early scholarly and philosophical manuscripts were in Greek. However.docx
Early scholarly and philosophical manuscripts were in Greek. However.docxEarly scholarly and philosophical manuscripts were in Greek. However.docx
Early scholarly and philosophical manuscripts were in Greek. However.docx
 
Early Learning & Developmental Guidelines July 2017 1 .docx
Early Learning & Developmental Guidelines July 2017 1 .docxEarly Learning & Developmental Guidelines July 2017 1 .docx
Early Learning & Developmental Guidelines July 2017 1 .docx
 
Early Innovations and Their Impact Today Wilbur and Orville Wrig.docx
Early Innovations and Their Impact Today Wilbur and Orville Wrig.docxEarly Innovations and Their Impact Today Wilbur and Orville Wrig.docx
Early Innovations and Their Impact Today Wilbur and Orville Wrig.docx
 
Early childhood professionals have an essential role in creating.docx
Early childhood professionals have an essential role in creating.docxEarly childhood professionals have an essential role in creating.docx
Early childhood professionals have an essential role in creating.docx
 
Early Constitutional ControversiesIn 1788, Alexander Hamilton and .docx
Early Constitutional ControversiesIn 1788, Alexander Hamilton and .docxEarly Constitutional ControversiesIn 1788, Alexander Hamilton and .docx
Early Constitutional ControversiesIn 1788, Alexander Hamilton and .docx
 
Early Civilizations MatrixUsing your readings and outside sour.docx
Early Civilizations MatrixUsing your readings and outside sour.docxEarly Civilizations MatrixUsing your readings and outside sour.docx
Early Civilizations MatrixUsing your readings and outside sour.docx
 
Early childhood teachers need to stay connected to what is occurring.docx
Early childhood teachers need to stay connected to what is occurring.docxEarly childhood teachers need to stay connected to what is occurring.docx
Early childhood teachers need to stay connected to what is occurring.docx
 
Early and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docx
Early and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docxEarly and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docx
Early and Middle Adulthood PaperPrepare a 1,050- to 1,400-word.docx
 
Earlier this semester, you participated in a class discussion about .docx
Earlier this semester, you participated in a class discussion about .docxEarlier this semester, you participated in a class discussion about .docx
Earlier this semester, you participated in a class discussion about .docx
 
EAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docx
EAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docxEAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docx
EAP1640 - Level 6 Writing (Virtual College, MDC) Author P.docx
 
Earlean, please write these notes for me. October 01, 20181. My .docx
Earlean, please write these notes for me. October 01, 20181. My .docxEarlean, please write these notes for me. October 01, 20181. My .docx
Earlean, please write these notes for me. October 01, 20181. My .docx
 
eam Assignment 4 Teaming Across Distance and Culture..docx
eam Assignment 4 Teaming Across Distance and Culture..docxeam Assignment 4 Teaming Across Distance and Culture..docx
eam Assignment 4 Teaming Across Distance and Culture..docx
 
ead the following articleMother Tongue Maintenance Among North .docx
ead the following articleMother Tongue Maintenance Among North .docxead the following articleMother Tongue Maintenance Among North .docx
ead the following articleMother Tongue Maintenance Among North .docx
 
eActivityGo to the United States Equal Employment Oppo.docx
eActivityGo to the United States Equal Employment Oppo.docxeActivityGo to the United States Equal Employment Oppo.docx
eActivityGo to the United States Equal Employment Oppo.docx
 
Each year on or around June 15, communities and municipalities aroun.docx
Each year on or around June 15, communities and municipalities aroun.docxEach year on or around June 15, communities and municipalities aroun.docx
Each year on or around June 15, communities and municipalities aroun.docx
 

Recently uploaded

Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 

Recently uploaded (20)

Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx

  • 1. Running head: AUDITING INFORMATION SYSTEMS PROCESS 1 AUDITING INFORMATION SYSTEMS PROCESS 2 Auditing information systems process Student’s Name University Affiliation Process of Auditing information systems Information system is the livelihood of every huge company. As it has been in the past years, computer systems don’t simply document transactions of business, rather essentially compel the main business procedures of the venture. In this kind of a situation, superior administration and company managers usually have worries concerning an information system. assessment is a methodical process in which a proficient, autonomous person impartially gets and assesses proof concerning affirmations about a financial unit or occasion with the intent to outline an outlook about and giving feedback on the extent in which the contention matches an acknowledged standards set. information systems auditing refers to the administration controls assessment inside the communications of Information Technology. The obtained proof valuation is used to decide if systems of information are defensive assets, maintenance reliability of data, and also if they are efficiently operating in order to attain organization’s goals or objectives (Hoelzer, 2009).
  • 2. Auditing of Information Systems has become an essential part of business organization in both large and small business environments. This paper examines the preliminary points for carrying out and Information system audit and some of the, techniques, tools, guidelines and standards that can be employed to build, manage, and examine the review function. The Certified Information Systems Auditor (CISA) qualifications is recognized worldwide as a standard of accomplishment for those who assess, monitor, control and audit the information technology of an organization and business systems. Information Systems experts with a concern in information systems security, control and audit. At least five years of specialized information systems security, auditing and control work practice is necessary for certification. An audit contract should be present to evidently state the responsibility of the management, purpose for, in addition to designation of power to audit of Information System . The audit contract should also summarize the general right, responsibilities and scope of the purpose of audit. The uppermost level of management should endorse the contract and on one occasion it is set up, this contract is supposed to be distorted merely if the amendment is and might be meticulously defensible. The process of auditing information systems involves;- Audit Function Management; this process includes assessment which is systematic of policies and methods of management of the organization in management and utilization of resources, improvement of organization and employee, strategic and tactical planning. The main goals are to establish the present effectiveness level, suggesting improvements and putting down standards for performance in future. Standards of Assurance, IT Audit and Guidelines; these involve the relationships between standards, tools, guidelines and techniques. It also comprises of the assurance framework of Information technology among other standards. They describe a
  • 3. framework of guidance and standards which relates to performance and acceptance of assurance activities and auditing (John, 2007). Risk Analysis; thisinvolves identifying specific risks that might be faced by the information system of the organization and establish the impacts, occurrence likelihood, severity and priority and recommendations of strategies of mitigation. Internal Controls; these are actions that the management and other groups take for risk management and increase the possibility that the identified goals and objectives will be attained. Perform an Information System Audit; this process involves the evaluation of weaknesses and strengths of the audit, testing, sampling, recommendation implementation of the management and communicating the results of the audit, among others (Richard, 2007). The function of audit of Information System is to evaluate and offer suggestions, reassurance in addition to feedback. These apprehensions may be categorized in three wide categories: · accessibility: This entails whether the information scheme which the organization greatly depends on will be accessible for the company during all the occasions when needed. It also answers questions like whether the whole of the system is well protected against all kinds of disasters and losses. · discretion: This concerns whether the data inside the system will be revealed solitary to the people who are in need to see it and utilize it but not to everyone else.
  • 4. · reliability: This entails whether the data offered by the system will at all times be timely, dependable in addition to being accurate. It also makes sure that there is no illegal alteration that could be carried out on the software or else the data inside the system. The advantages of review can be categorized into four groups which include: · Strategic Benefits. Reliability of information formed by the business. Improved client assurance. · Operational advantages. Improved worker Morale in addition to Productivity. Reliability of Data makes it possible for Management to formulate accurate and informed choices. · economic Benefits. Improved Performance of the hardware. prices of burglary of Information System property are condensed. · technological Benefits. Organization choices regarding Computer generated information are consistent. Company associates trust the Organization’s administration distribution in addition to control of susceptible Data. ASPECTS OF INFORMATION SYSTEM AUDIT: information systems are not merely processors. present information systems have become intricate and contain many constituents which come together to build a company resolution (Weber, 2002). Reassurance about information systems could be
  • 5. attained simply if every constituent is assessed and protected. The main aspects of Information Systems review could be largely categorized into: · Environmental and physical evaluation which consists of humidity control, air conditioning, power supply, physical security in addition to other ecological aspects. · system management evaluation: system management evaluation entails safety evaluation regarding the database administration schemes, operating structures and each and every system management compliance along with procedures. · appliance software evaluation. The appliance of the business can be an enterprise resource planning system, a web based client order processing system, invoicing or a payroll scheme that essentially operates the company. The evaluation of such appliance software would include corresponding manual procedures and controls, business procedures within the application software, mistake and exception handling, validations, authorizations and access control. In addition, an evaluation of the scheme development lifecycle is supposed to be accomplished. · system security evaluation. The typical areas covered by this review include the evaluation of the external and internal connections to the system, intrusion detection and port scanning, router admission control lists, review of the firewall and boundary security. · Business permanence review. Business permanence review entails maintenance plus existence of error lenient and superfluous hardware, backing storage, procedures plus tested disaster and documented business or recovery stability arrange.
  • 6. · information reliability evaluation. The intention of this examination of live information is for confirming the impact of weaknesses in addition to sufficiency of controls like observed on or after one of the previous evaluations. Such substantial investigation can be carried out using a software for comprehensive auditing. for instance PC aided review procedures (Weber, 2002). It can be imperative appreciating that every review may have all of these aspects in different extents. various auditors may examine just one of the aspects and leave the other aspects. However, it is essential to carry out all the aspects though it is not compulsory to carry out all of them in one task. The set of skills that is needed for every of these aspects is dissimilar. The outcomes on every review require not to be perceived in relation to another. This allows the examiner and the administration to obtain the full scrutiny of problems and concerns. This review is very important. All these aspects require to be tackled in order to give the administration an apparent evaluation of the scheme. For instance, appliance software can be fine planned and executed with all the safety characteristics, and the defaulting user secret code inside the working system utilized on the server could not have been altered, thus permitting somebody to see the records files openly. a circumstance like this contradicts whatsoever precautions that was constructed into the appliance. similarly, technological system safety and firewalls might have been executed thoroughly, excluding the access controls and task definitions in the application software might have also been inadequately planned and executed where making use of the client IDs, workers might get to see vital and delicate data far ahead of their positions (Weber, 2002).. We should also appreciate that every examination might entail these aspects in different actions. Some reviews may inspect just one of the aspects or leave some of the aspects. It is however necessary to to carry out all of these aspects but it is not compulsory to carry out all of them in a single task. The set
  • 7. of skills needed for every aspect is dissimilar. The outcomes of each review should not be perceived the same as another. This will allow the examiner and the administration to get a complete view of concerns and difficulties. This review is very significant. threat based Approacheach organization utilizes several of systems of information. There might be diverse functions for diverse activities in addition to functions and there might be various workstation installations at diverse physical positions. The examiner is confronted with the difficulties of what to audit, at what time in addition to how regularly he should do so. The response to all this is to implement an approach that is threat based. whereas there are hazards intrinsic to the systems, the hazards crash diverse schemes in diverse ways. hazards of no availability can be severe even if it happens for an hour (Weber, 2002). hazards of illegal alteration could be a basis to potential losses as well as frauds to online bank system. A bunch dispensation scheme or an information merging system might be comparatively a little more susceptible to a number of these perils. The industrial surroundings on which the scheme operate on may also have an effect on the hazard connected by the system. The procedure that could be pursued for a threat based approach to creation of an review plan include: 1. Account for the information system in exercise in the business and classify them. 2. Decide on which of the system has vital assets or functions, for examle how close to actual time they function, decision making, customers, materials and money. 3. Evaluate which hazards influence the systems and their strictness of consequence on the company.
  • 8. 4. Categorize the schemes on basis of the above evaluation and settle on the review frequency, schedule, assets and priority. The auditor can then come up with an annual review plan that classifies the reviews that will be carried out during the period od of time according to the plan in adition to the assets that are necessary. Groundwork before instigating a review entails gathering of background data and examining the skills plus the resources needed to perform the review. This allows employees having the correct type of proficiency to be selected to the correct task. It is at all times good to have an official review beginning convention with the top administration answerable for the section under review to conclude the extent, recognize the extraordinary problems, if present, plan the date as well as clarify on the technique for the review. conventions like this should get topr administration concerned, permit individuals to meet up with one another, explain concerns and essential company worries as well as assist the review to be performed efficiently (Weber, 2002). References Weber, R. (2002). EDP Auditing. Conceptual Foundations and Practice. Hoelzer, D. (2009). Audit Principles, Risk Assessment & Effective Reporting. SANS Press. John, B. (2007). Public Sector Auditing: Is it Value for Money? Creating a culture of compliance Richard, C. (2007). Information system auditing; Auditor's Guide to Information Systems Auditing. High Tower SoftwareZENER, B. (2012). Public Sector Auditing: SANS Press.