Ten Top Emerging IT Audit Issues: The Ugandan Perspective as Part of the Monthly Presentation...
Post on 21-Dec-2015
![Page 1: TEN TOP EMERGING IT AUDIT ISSSUES: THE UGANDAN PERSPECTIVE AS PART OF THE MONTHLY PRESENTATION SERIES. June, 2011 BY KETO NYAPENDI KAYEMBA ASSISTANT AUDITOR](https://reader030.vdocuments.site/reader030/viewer/2022032522/56649d6b5503460f94a4a7e0/html5/thumbnails/1.jpg)
TEN TOP EMERGING IT AUDIT ISSUES: THE UGANDAN PERSPECTIVE
AS PART OF THE MONTHLY PRESENTATION SERIES.
June, 2011
BY KETO NYAPENDI KAYEMBA
ASSISTANT AUDITOR GENERAL
PRESIDENT, ISACA KAMPALA CHAPTER
Content
• Introduction
• The main audit issues
▫ Issue
▫ Risks
▫ Recommendation
• Conclusion
ICT in Uganda
• Economy
• NDP: Science and technology - strategic
• Rapid deployment of emerging technologies creates risk
• Deficiencies in IT controls; significant impact
• Misaligned technology will fail
• Las Vegas
• Uganda: a growing economy
• IT security, audit and governance in Uganda
Summary
1. Mobile devices & wireless tech
2. Social networking
3. Malware
4. Major government systems
5. Regulation
6. Cloud computing
7. Virtualization
8. Database management
9. Business continuity & Disaster preparedness
10. Fraud
1. Mobile devices
• Rapid expansion of handheld devices (ever more powerful)
• Huge increase in mobile users & applications
• The boundaries have expanded through 3G and 4G + Wi-Fi and WiMAX
• Risks
▫ Very vulnerable, susceptible to malicious attacks
▫ Information interception and loss of critical business data
▫ Security and identity management an issue
▫ Denial of service
▫ ERP integration issues
• Recommendation
▫ Managing information risks without stifling innovation is critical to value creation
▫ Get inventory of mobile devices and their applications (m-commerce). Understand the policies and procedures.
Boundaries have expanded – not physical.
Smartphones, iPads, m-commerce.
Mobility enables: flexibility, availability, innovation and increased productivity.
2. Social networks
Use of social media technology is here:
- Facebook
- LinkedIn
Risk
• Brand protection
• Unauthorised access to confidential data
• Disruption / denial of service
• User ignorance
Recommendation
• Have an inventory of social media usage
• Establish existing policies, procedures & controls
• Amend audit plan to take care of the compliance & security needs.
Security needs
• Identity protection
• User awareness of security needs
• Organization data safety
3. Malware/cyber attacks
• Increase in sophistication of malware - malicious code
• More avenues of execution, i.e. mobile devices, social networks. Work at home issues.
• New generation threats/attacks are now supported by organised criminal groups, state sponsored
• Risks
▫ New platforms allow more organisation data to be accessed and pushed outside the old perimeter firewall
▫ Loss or theft of critical information; intellectual property
▫ Cash impact
▫ Denial of service
• Recommendation
▫ Understand organisation approach to malware identification, isolation & remediation
▫ Consider impacts beyond traditional spam ware/firewalls, i.e. remote users, mobile devices
▫ Consider update schedules and monitoring (beyond responsiveness to patch updates)
▫ Look at hardening of critical devices and access points
▫ Have vulnerability assessments and detection procedures
3b. The use of the internet in business operations
• Use of the internet in business operations.
• Risks
▫ Malicious code importation
▫ Theft of identity related information – credit card info
▫ Disruption and denial of service
• Recommendation
▫ Sensitisation of users on how to transact business on the web
▫ Proper protection of the sensitive areas using antivirus
▫ Browsing protection
▫ Limit storage of identity related information
▫ Encrypt any information that needs to be stored.
4. Major government systems
• Ministry of ICT
• NITA
• National identity card
• Electronic register
• Integrated Financial Management system
• Integrated payroll system.
• Risks
▫ Ignore Governance, Control and Security issues
▫ Duplication
▫ Too many legacy systems – lack of value for money
• Need for
▫ Alertness
▫ Assertiveness
▫ Use alliances – i.e. chapter
▫ Preparedness
▫ Involvement
• IT governance recognition - at the board level
• Strategic use of IT for achievement of business objectives
• Control practices well defined
• Necessary oversight
5. Regulation
• Strong need for regulation
▫ ICT laws being put in place
▫ Regulations to follow
▫ Need for compliance
• Protection: business robustness, national assets
• Risks
▫ Not having sufficient numbers of ICT professionals to manage the assets
• Recommendation
▫ More prominence for SAG professionals
▫ Need for skill acquisition.
▫ Need for knowledge acquisition
6. Cloud computing
• A mode for enabling convenient, on demand network access to a shared pool of configurable computing resources:
▫ Infrastructure as a service, IaaS
▫ Platform as a service, PaaS
▫ Software as a service, SaaS
• Sensitive data are no longer stored in a server farm controlled by the business, but rather in systems connected to the web and probably not owned by the business.
• Risks
▫ Sustainability – reputation of provider
▫ Confidentiality and availability of data
▫ Third party access to data (competition)
▫ Data ownership & loss of data in a disaster situation.
• Recommendation
▫ Ensure business objectives and risks that accompany the cloud are identified and understood
▫ May need to adjust business IT governance and security policies
▫ Ensure there is a mechanism to ensure compliance with policy set
• Supplier gives more flexible, available, resilient and efficient IT services
• Increased ROI
• Reduced cost
• Increased risks
7. Virtualisation
Software technology that divides a physical resource, such as a server, into virtual resources called virtual machines (VMs).
By 2012, 50% of servers will be virtualised throughout the world. Studies show.
Risks
• Architectural vulnerability
• Software vulnerability
• Configuration risks
Recommendation
• Policies and procedures: disaster recovery & backup, data protection
• Ensure proper understanding by the organisation
• Roles & responsibilities clearly defined & documented
• Proper training of staff
• Following of set regulation
8. Database management
• Regulation on types of data to be stored
• Identification of location of data
• Need for categorization of sensitive data to enable better security management
• The cloud and mobile devices are a challenge.
• Risks
▫ Regulatory penalties
▫ Brand protection
▫ Identity management
▫ Privacy
▫ Integrity
• Recommendations
▫ Assess level of adequacy of current business requirements
▫ Understand emerging regulations
▫ Corporation policies on storage of PII
▫ Identify specific data management controls
▫ Perform focused procedures
• Where is the data stored?
• Where is personal data stored?
• How large is the data, is it all necessary?
• For how long is it needed?
9. Business continuity and disaster preparedness
• Provide continued existence and operation of the organisation – assure continued operation.
• Risks
▫ Loss of critical data
▫ Slow rate of restart
▫ Lack of employee awareness of BCP
▫ Untested/unmodified plan.
• Recommendation
▫ Identify all business processes
▫ Ensure they are all catered for in the BCP
▫ Ensure plan incorporates all aspects, i.e. chain of command, employee management and safety, vendor management, supply chain management.
▫ BCP should be tested and modified periodically
10. IT perpetuated Fraud
Fraud
What else did I bring back from Vegas
The monthly meetings a blessing
Use ISACA resources
• Adopt
• Popularise
• Participation in regulation formation
• Recruit more SAG professionals
ISACA’s resource is its people
• Africa is unique, with unique problems, slightly slower
• Our role to do the research
• Share our area issues with the others
• Contribute in the research topics
Your role
• Provide security skills
• Provide audit skills
• Provide governance guidance
Do your part
Thank you