More Related Content
What's hot
What's hot (20)
Similar to Task 2
Similar to Task 2 (20)
Recently uploaded
Recently uploaded (20)
Task 2
- 1. Name: BibekChaudhary Type: Internship Department: GRCand IS Audit
- 2. IS Audit The process of collecting and examining the management of controls over an organization's information systems, processes, controls, and operations is known as an IS audit. The IS audit process determines if the components of the information systems that secure assets and ensure data integrity are operating successfully to fulfill the organization's overall goals and objectives by analyzing evidence gathered through the IS audit process. The audit reviews can be undertaken as part of a financial statement audit, internal audit, or other types of attestation engagement. IS Audit cover following categories. - Systems & Applications: A focus on an organization's systems and applications. - Information Processing Facilities: Ensuring that IT procedures run smoothly, on time, and accurately, regardless of the circumstances. - System Development: Determine whether or not the systems in development are compliant with the organization's standards. - IT and Enterprise Architecture management, as well as ensuring that IT management is structured and activities are carried out in a regulated and effective manner. The IS Audit involving auditing the management, operational and Technical Controls. Importance of IS Audit an Organization Since 2019, the government of many nations, including Nepal, has made it necessary for certain types of firms to do an IS audit. When an institution conducts an IS audit, it can examine its information system's gaps and weaknesses, identify potential sources of threats, assess information misuse, and identify high-risk elements. The primary goal of an IS audit is to assist the organization's information system managers in effectively carrying out their jobs and responsibilities in order to achieve the organization's objectives, as well as to improve correct decision-making and data and information security. Tracing one's data might also aid in data recovery if an error has occurred. Legalities in Nepal The Nepal Rastra Bank's IT policy and IT Guidelines guide IS audit regulations (2012). According to the guidelines, an organization must take the necessary steps to make its employees, contractors, and consultants aware of the company's IS policy and to ensure that
- 3. they follow it, which can be accomplished through proper employment information, employee agreements, policy awareness, and acknowledgment. They must also undertake Risk Assessments on a regular basis, at least once a year, within an agreement of technological operations that can have a significant influence on the organization's business and reputation, and respond accordingly. Major Focused Areas Governance and Management of IT IT governance is a formal framework that gives organizations a mechanism to ensure that their IT investments support their business goals and the needs of their stakeholders. They necessitate periodic evaluations to prevent obsolete information from exposing the firm to uninvited risks or noncompliance. We look at whether IT Strategy, IT-Related Frameworks, IT Standards, Policies and Procedures are being followed correctly or not by comparing them to industry guidelines and best practices. These are critical because they direct the work force and ensure proper resource utilization. Information Systems Acquisition, Development and Implementation It covers how IT auditors provide assurance that the practices for the acquisition, development, testing, and implementation of IS meet the organization’s strategies and objectives. We examine the Business Case and Feasibility Analysis and test the system development methodologies and ensure the Post- implementation Review are also made as it ought to be. Protection of information Assets Understanding of the value of information asset is a key consideration for information systems management. It includes the comprehensive list of Mobile, Wireless, and Internet-of-Things (IoT) Devices - computer equipment, phones, network, email, data and any access-related items such as cards, tokens and password etc. This area of focus aims to provide assurance that the information assets’ confidentiality, integrity and availability are ensured by the enterprises’ security policies, standards, procedures and controls. Information Systems Operations & Business Resilience Business resilience planning is a governance and risk management responsibility that organization must address to enable them to survive and thrive in an increasingly hostile environment. It encompasses crisis management and business continuity plans to various types of risk that an organization may face, from cyber threat to natural disaster, and much else besides. As well as , business resilience relates the ways an organization addresses the consequences of the incidents and the ability of an organization to adapt to the new environment
- 4. and circumstances following that incident. We examine organization’s Business Impact Analysis, Business Continuity Plan, Disaster Recovery Plans, Data Backup, Storage, and Restoration and System Resiliency and conclude if the organization has successfully been able to overcome the incidents if any. Audit Methodology We follow ISACA guidelines for the audit along with the best industry practices and incorporate various IT framework, Guidelines & Standards like COBIT 5, ISO 270001, NIST Framework, NRB IT guidelines, NTA Cyber Byelaws, ITIL, PCI DSS etc. wherever necessary. We also have partnered with foreign based leading cyber security companies to serve our valuable clients wherein the expert resources are required.