
Practical IT Audit

How to Audit?
Problems:
Policies > not operated
Processes > not followed

Solve Problems
Compliance > Policies, Regulation, Law
Form Tools > CASE, CAAT

Continuous Auditing
Accounting & Financial IT

IT&IS Auditor
IS Auditor

Management > a Critical Application
Routine
Purpose & Scope

Planning IT Audit
IT & IS Auditor > Business Environment > Business Impact
Risk Assessment
Threats × Assets × IT Processes = Vulnerabilities >> Risk

Auditing Plan
Control Objective > IT Control (Administrative Control, Management Control, Operation Control)
Time & Resources

Dictionary
Control Objective
ISO 27001

IT Control
Administrative Control > Function
Management Control > Roles

Policies

Effect of Risk
Preventive Risk / Detective Risk / Corrective Risk
Example > Backup > Control Objective > Administrative Control, Management Control

IT Audit
(preliminary review) > (detail review) > (compliance testing) > (substantive testing)
Compensating Controls


System > Components > Sub Systems
Sub systems: Management Sub System, Application Sub System, Administrative Sub System

Management Sub System
Top management controls
Information systems management
Systems development management
Programming management
Data administration
Security administration
Operations management
Quality assurance management

Application Sub System
Boundary controls
Input controls
Communication controls
Processing controls
Database controls
Output controls


Hardware, Software, People, Transmission media, Processing

Expected Loss = probability of unlawful events × amount of loss
Preventive controls act on the probability of unlawful events
Detective and Corrective controls act on the amount of loss


Board of Directors > Management Controls
Goals of Internal Control:
asset safeguarding
maintaining data integrity
achieving system effectiveness and efficiency

Management

Accounting controls, Application controls

Systems

Subsystems

Components

Risks, Threats

A subsystem is reliable only if the components that perform its basic activities are reliable.

The reliability of a component is a function of the controls that act on that component.


Expected Loss = Expected Frequency × Average Loss
Use Controls to:
Reduce Frequency > Reduce Frequency of Error Occurrence, Reduce Opportunity for Error
Reduce Loss > Minimize Amount Subject to Loss, Minimize Impact of Loss
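As an added example (not from the original slides), the arithmetic behind the figure above: preventive controls act on the expected frequency, detective and corrective controls on the amount of loss, and a control is worth keeping only when the expected loss it removes exceeds its cost. The scenario, control names, reduction rates and costs are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Control:
    name: str
    kind: str              # "preventive", "detective" or "corrective"
    freq_reduction: float  # share of event frequency removed (preventive controls)
    loss_reduction: float  # share of loss per event removed (detective/corrective)
    annual_cost: float     # constructed cost of running the control for a year

def expected_loss(frequency, avg_loss):
    """Expected loss = expected frequency x average loss (the slide's formula)."""
    return frequency * avg_loss

def residual(frequency, avg_loss, controls):
    """Apply controls: preventive ones lower the frequency, detective and
    corrective ones lower the amount of loss. Returns (freq, loss, expected)."""
    f, l = frequency, avg_loss
    for c in controls:
        f *= 1 - c.freq_reduction
        l *= 1 - c.loss_reduction
    return f, l, f * l

def select_controls(frequency, avg_loss, candidates):
    """Keep a candidate only if the expected loss it removes exceeds its cost,
    evaluated in list order on top of the controls already kept."""
    kept = []
    for c in candidates:
        before = residual(frequency, avg_loss, kept)[2]
        after = residual(frequency, avg_loss, kept + [c])[2]
        if before - after > c.annual_cost:
            kept.append(c)
    return kept

# Constructed scenario: unauthorised changes to production data,
# 12 events a year at an average loss of 5,000 each.
CANDIDATES = [
    Control("restore from backup", "corrective", 0.0, 0.5, 3000),
    Control("change log with daily review", "detective", 0.0, 0.4, 5000),
    Control("quarterly access review", "preventive", 0.5, 0.0, 8000),
    Control("biometric console access", "preventive", 0.1, 0.0, 20000),
]

if __name__ == "__main__":
    kept = select_controls(12, 5000, CANDIDATES)
    f, l, e = residual(12, 5000, kept)
    print("kept:", [c.name for c in kept])
    print(f"expected loss {expected_loss(12, 5000):.0f} -> {e:.0f} "
          f"(frequency {f:.1f}/yr, loss per event {l:.0f})")
```

The last candidate is rejected because the 900 of expected loss it would still remove is far below its 20,000 cost; the other three take the expected loss from 60,000 to 9,000.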


Authenticity controls
Accuracy controls
Completeness controls
Redundancy controls
Privacy controls
Audit trail controls
Existence controls
Asset safeguarding controls
Effectiveness controls
Efficiency controls




Type of Document
QM > Quality Management > Policies
QP > Quality Procedures > Processes
WI > Work Instruction (Processes)
F > Form > Read/Write
SD > Support Document > Read > example: document, manual, report

Control Document
Code, Description, Version control, Example
QM-07-01-rev1
QM-07-01-01
QM-07-0001 > QM-07-0002
Master list (RFC > STD, FYI, BCP)
