WHAT IS THE INFORMATION SYSTEM AUDIT?
Axel KAPITA TSHISUYI
Information System Auditor | Project Management | E-governance | Business Analytics | Leadership | Web Development | Author
2/16/2023 1
DEFINITIONS
The Information Systems Audit is a management
activity that aims to control the quality,
effectiveness, and efficiency of the
constituent elements of a company's information
system (data, software, processes, IT infrastructure,
project management, finances, human resources,
tools and more), with the objective of
highlighting its SWOT (Strengths, Weaknesses,
Opportunities, and Threats) in order to formulate
recommendations, followed by an action plan and a
behavior change policy.
2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 2
INFORMATION SYSTEM AUDIT PURPOSES
Generally, carrying out an information systems audit makes it possible to deal with current
problems, or even to anticipate them. This involves examining all the parties and all the
resources that come into play in the system's operation. It essentially concerns
procedures, processes, technologies, data, and personnel, in order to detect the risks
that the company, through its information system, may not be able to achieve its
strategic objectives.
Specifically, the purposes are the following:
1. Increase accountability of stakeholders and shareholders;
2. Use of high-level good practice;
3. Understanding of the use made of all parts of the information system;
4. Assessment of strengths and weaknesses in order to support the business.
5. Assess the strategic and qualitative aspects of the information system;
6. An assurance of the reliability, sincerity, and fidelity of the financial statements;
7. Assess the Internal Control if it exists.
BENEFICIARIES
1. The Information Systems Department, in order to
assess its effectiveness and performance;
2. The Finance Department in order to assess the
resources involved and see the reliability, fidelity, and
regularity of the financial statements;
3. The General Manager, to get a clear insight into the
activity of each department;
4. Shareholders/stakeholders to get a clear insight into
their investments and the enterprise’s health;
CLASSIFICATIONS
We can classify the different types of audits according
to the following:
(i) whether they are internal or external to the
audited structure;
(ii) their specificities
(finances, information system security, project,
supply, stocks, purchases, studies, production, taxes,
and application compliance);
(iii) their legal obligations (legal audit and
contractual audit).
SKILLS REQUIRED
1. Effective communication;
2. Time management;
3. Analysis and critical thinking;
4. Problem-solving methods;
5. Data Analysis;
6. Information systems;
7. Finances and accounting;
8. Risk management;
9. Overall understanding of the sector.
FIELD AREAS
1. Finance and accounting;
2. IT Networking;
3. Cyber security;
4. Data Management;
5. Software;
6. Business Processes;
7. Human Resources;
8. Project Management;
APPROACHES
An audit approach is defined as a strategy, method,
or technique used by an auditor to carry out his
mission. Thus, generally we have the following:
1. Audit by an exhaustive approach (Full-audit);
2. Audit by analyzing Internal Control;
3. Audit by risk approach
EXECUTION PROCESS
1. Methodology definition;
2. Planning;
3. Work team design;
4. Entity Understanding;
5. Risk assessment and analysis;
6. Investigations;
7. Reporting;
8. Follow-up of recommendations.
GENERAL STANDARDS USED
1. COBIT for the information systems governance and
any other one;
2. ITIL for IT services provision and any other one;
3. ISO 9001 for quality management;
4. ISO 27001 for information system security;
5. CMMI for software projects management and any
other one;
6. PMPI for project management;
7. ISA for general audit and accounting;
8. COSO for Internal Control;
ESSENTIAL CONCEPTS TO KNOW IN INFORMATION
SYSTEMS AUDIT
1. Information system assets
2. Evidence
3. Threat
4. Vulnerability
5. Impact
6. Audit trail
7. Reliable Audit Trail
8. Framework
TOOLS AND METHODS
1. Gap Analysis;
2. Lean Six Sigma for quality;
3. Total Quality Management;
4. Process reengineering for process assessment;
5. PDCA;
6. Getting Things Done;
7. Who, What, Where, How, How much, Why?; 5 Whys;
8. Brainstorming;
9. Ishikawa Diagram;
10. Mind Mapping;
11. Scoring board, SMART, RACI, cause-and-effect diagram.
TECHNOLOGIES USED
1. Advanced Microsoft Excel;
2. Tableau Software;
3. Python programming;
4. SQL.
DOCUMENTS FOR CONSULTATION
1. Business Impact Analysis;
2. Internal regulations and standards;
THANK YOU FOR READING
Contacts :
Links:
https://www.linkedin.com/in/axel-kapita-1125a832/
https://www.amazon.fr/dp/B096TTDLMJ
https://public.tableau.com/app/profile/kapita.tshisuyi
E-mail: axelkapita@proton.me