IT Overview
Introduction
The demand for IT auditors outweighs the supply of
qualified candidates due to advances in
technology and appreciation of the profession in
the business sector.
Not only are IT auditors in demand, but their work is
also interesting and challenging.
IT auditors evaluate an entity's information
system. This may include examining
documents and interviewing people as well.
This must be done because business processes
use IT to function, and IT is likely to be integral
to an entity's viability.
AFRICA. DATOR. FRANCISCO. YU
Impact of IT in Organizations
IT influences organizational risks and controls.
IT creates opportunities, but these carry
many kinds of risks.
Example:
Ability to transmit documents electronically to
customers and vendors
Opportunity: Improved efficiency in the supply
chain
Risk: Potential failure of electronic communication
IT GOVERNANCE
Objective of IT Governance:
To set strategies for IT so that it is
closely aligned with organizational
goals and to use IT for maximum
opportunity but minimum risk.
The first part concerns the use of IT to
promote the organization's objectives and
enable business processes.
The second part involves managing and
controlling IT-related risks.
IT GOVERNANCE
This process begins with the development
of an IT governance plan. Such a plan will
help set the strategic course of IT
acquisition and deployment or use.
IT governance is an ongoing process, and
management needs to regularly evaluate
and update plans.
IT GOVERNANCE INSTITUTE
The Information Systems Audit and Control
Association (ISACA) established the IT Governance
Institute in 1998.
This institute exists to clarify and provide
guidance on current and future issues
pertaining to IT governance, control and
assurance.
It developed CobiT and COEG.
CobiT provides guidance on IT governance by
providing the structure that links IT processes,
IT resources and information to enterprise
strategies and objectives.
Guideline:
Governance over information technology and its processes
with the business goal of adding value, while balancing risk
versus return, ensures delivery of information to the
business that addresses the required Information Criteria
and is measured by Key Goal Indicators, is enabled by
creating and maintaining a system of process and control
excellence appropriate for the business that directs and
monitors the business value and delivery of IT, considers
Critical Success Factors that leverage all IT Resources
and is measured by Key Performance Indicators.
IT GOVERNANCE FRAMEWORK
Provide Direction
Set Objectives:
- IT is aligned with the business
- IT enables the business and maximizes benefits
- IT resources are used responsibly
- IT-related risks managed appropriately
Compare
IT Activities:
- Increase automation (make business effective)
- Decrease cost (make enterprise efficient)
- Manage risks (security, reliability and reliance)
Measure Performance
IT AND TRANSACTION PROCESSING
Part of IT governance concerns controlling
IT risk. This is important in enterprises
because management uses IT to process
data about ongoing transactions or events.
A computerized information system for
transaction processing may increase
some risks and decrease others.
Example 1:
In sales, compare a sales clerk who manually
records data, and may make a data entry error,
with a computer system that scans an
inventory barcode and will not make that
mistake.
Therefore, it decreases the risk.
Example 2:
WORK OF AN IT AUDITOR
Basically, an IT auditor can provide assurance
or give comfort over just about anything
related to information systems, but some of
the specific types of engagements an IT
auditor might perform include:
Evaluating controls over specific
applications
Providing assurance over specific
processes
Providing third-party assurance
Penetration Test
Supporting financial audit
Searching for IT-based fraud
IT Audit Skills
Technical Skills
Communication Skills
Interpersonal Skill and Teamwork
Business Education
Decision Sciences
Structuring IT Audits
Types of IT audits
1. Attestations or agreed-upon procedures audits
2. Statement on Auditing Standards #70 audits: the service organization has been through an in-depth
audit of its control objectives and control
activities, which often include controls over
information technology and related processes.
3. IT audits in support of external financial audits
4. Findings and recommendations reviews
COBIT FRAMEWORK
ISSUE: Good IT governance
Possible KEY: COBIT Framework
COBIT FRAMEWORK
Review
One of many control frameworks developed to help
companies develop good internal control.
Developed by the ISACF (Information Systems Audit and
Control Foundation).
Allows:
1. Management to benchmark other IT practices.
2. Users of IT services to be assured that adequate
security and control exist.
3. Auditors to substantiate their opinions on
internal control and advise on IT security and control
matters.
COBIT FRAMEWORK
According to ISACA:
Accepted
COBIT FRAMEWORK
ISACA:
How does COBIT support the governance of
IT?
COBIT supports IT governance by
providing a framework to ensure that:
IT is aligned with the business
IT enables the business and maximizes
benefits
IT resources are used responsibly
IT risks are managed appropriately
COBIT FRAMEWORK
According to ISACA:
[Figure: diagram with the labels "Risk Management" and "Performance Measurement"]
COBIT FRAMEWORK
According to ISACA:
COBIT FRAMEWORK
ISACA updates
ISACA has started on a multiyear strategic initiative
to develop the next generation of the COBIT
Framework, COBIT 5, and supporting products.
Building on more than fifteen years
of practical use of COBIT by many IT professionals
from the business, IT, risk management, security
and assurance communities, the COBIT 5
deliverables will be designed to meet
the current and future needs of stakeholders and
align with the most up-to-date thinking in enterprise
governance and IT management practices.