IS Auditing
Acquisition, Development,
and Implementation
Audit and IS Audit
An audit is a systematic and repeatable process whereby a
competent and independent professional evaluates one or more
controls, interviews personnel, obtains and analyzes evidence,
and develops a written opinion on the effectiveness of the
control(s).
An audit could be performed:
• To determine whether controls exist and are effective.
• As required by regulations, compliance, or legal obligations.
• As the result of a serious incident or event.
Types of Audits
• Operational audit
• Financial audit
• IS audit
• Compliance audit
• Fraud audit
• Service provider audit
Internal vs External Audit
• Internal audit is performed by personnel employed by the
auditee organization. Internal auditors typically still have a
degree of independence through their locations on the org
chart.
Includes:
• Frequent notifications to auditors and control owners on audit results
• Triggers to notify auditors and control owners of control failures and
other exceptions
Scope of IS Audit
• Audit of SDLC
• Requirements
• Feasibility Study
• Design
• Software acquisition
• Development
• Testing
• Implementation
• Post-implementation