Information System Audit
1) Introduction to IT audit, purpose. Types of IT audits, history of IT audit, major events that have prompted the use of and been solved using IT audit techniques. IT audit process outline; process and phases. Planning the audit, materiality, risk assessment.
2) Effective information system audit. Evaluation of controls, types and tests of controls. Audit sampling, sampling methods, sample evaluation.
3) Audit automation and system testing: Computer assisted audit techniques. Traditional vs modern audit tools. Specialized audit software benefits and functions. Applications of CAATs.
4) Production of audit programmes. Evidence, issuing reports, types of reports, follow-up activities, assessing the audit, preserving evidence.
5) Role of audit in systems development.
6) Computer forensics: definition, the forensic process, information forensics and its applications.
7) COBIT: Control Objectives for Information and related Technology, definition, release history, COBIT framework, COBIT structure, other standards.
8) ISACA: Definition, history, current status, publications.
9) CSA and ITGI.
An information technology audit, or information systems audit, is an examination of the controls within an information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
PURPOSE OF IT AUDITS:
An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficiency and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:
• Will the organization's computer systems be available for the business at all times when required? (Availability)
• Will the information in the systems be disclosed only to authorized users? (Confidentiality)
• Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
The IT audit focuses on determining risks that are relevant to information assets, and on assessing controls in order to reduce or mitigate these risks. Implementing controls can minimize the effect of risks, but cannot completely eliminate all risks.
Types of IT audits
Various authorities have created differing taxonomies to distinguish the various types of IT audits. Goodman & Lawless state that there are three specific systematic approaches to carry out an IT audit.
• Technological innovation process audit. The aim of this audit is to construct a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.
• Innovative comparison audit. This audit, as its name implies, means conducting an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of the company's research and development facilities, as well as its track record in...