OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING

NORHAFIZAH BINTI ABDUL MUDALIP221601

YAP YONG TECK228407

TAN YUAN JUE226491

TAY QIU JIE227495

GROUP MEMBER:

Information System Auditing

Data integrity

Support traditional

audit

Goals achieved

effectively

Law & regulation

Safeguards assets

1.4 Demand for IS Audit

Q: What is the demand for IT/IS audit professionals?

A: It is increasing. According to CNN Money, IT audit is one of the fastest-growing professions, with 22 percent to 30 percent growth estimated for 2008-2018. Organizations are looking for IT audit professionals to assess and recommend ways to mitigate the impacts of today’s technology risks.

• Accounting scandals in recent years point to a need for more monitoring and oversight.

• So, as IT is becoming more complex and pervasive, the need for auditing is also on the rise. Thus, IT auditors are going to be in demand.

• The growth in information technology capabilities and the effects of the Sarbanes-Oxley Act and other legislation are driving demand for information technology auditors in public, private, non¬profit and government sectors.

• Graduates may find jobs as information systems auditors or risk managers in the Big 4 accounting firms, risk management consultants in financial services industries.

1.5 Management of IS Audit Function

The services of IS audit• IT Governance - reviews of the organization’s fiduciary responsibility in satisfying the quality of IT

delivery services while aligning with the business objectives and establishing an adequate system of internal controls.

• Information Systems - focus on security controls of physical and logical security of the server including administration of server accounts, system logging and monitoring, and system backup.

• Integrated Audits - reviews of the business operations and their dependency of automated systems to support the business process. From the technology perspective, the audit focuses on application controls, administration of user access, application change control and backup and recovery to assure reliability, integrity and availability of the data.

• Control Self-assessments - Control Self-assessments are designed for department that manages and operates a technology environment. These self-assessment tools can be used to identify potential areas of control weakness in the management of the technology environment.

• Compliance - Compliance audits include Payment Card Industry(PCI), the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable laws and regulations.

Area of IS audit• Systems and Applications. To verify that systems and applications are appropriate, are efficient,

and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.

• Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

• Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards

• Management of IT and Enterprise Architecture: To verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for Information Processing.

• Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunication controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

Type of IS audit• Technological innovation process audit. The audit will assess the length and depth of

the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.

• Innovative comparison audit. This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors.This requires examination of company's research and development facilities, as well as its track record in actually producing new products.

• Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

1.6 Of IS Auditor

ROLE OF IS AUDITOR

Analyzes and interprets many different types of computer or information systems within a company or organization

Developing and maintaining a company’s information systems

Maintains and develops computerized audit software

Prepare and presents written and oral reports and other technical information management

Follow up on audit findings to ensure that management has taken corrective action

Ensure there is no fraudulent activity, unnecessary spending, or non compliance with the laws and regulations

ISACA CertificationsCertified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in the Governance of Enterprise IT (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

THANK YOU