1 / 13

Chapter 1: Overview of Systems Audit

Chapter 1: Overview of Systems Audit. Information Systems Audit. Examination of various controls in information systems Design and working of controls Process, practices, and operations. The auditor forms an opinion whether information systems safeguards assets,

marleen
Télécharger la présentation

Chapter 1: Overview of Systems Audit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 1: Overview of Systems Audit

  2. Information Systems Audit • Examination of various controls in information systems • Design and working of controls • Process, practices, and operations. • The auditor forms an opinion • whether information systems safeguards assets, • maintains data integrity, and • operates effectively and efficiently to achieve the agreed goals and objectives of the entity.

  3. Regulations IT Governance Policies Disaster Recovery Information System Environment Procedures Legal Issues Services Monitoring Documentation Hardware Internal Controls Software Information Audits

  4. Legal Requirement of Information Systems Audit • Sarbanes Oxley Act 2002 • Directions from various statutory and regulatory agencies • Even financial audit requires testing of adequacy and efficiency of internal control before expressing an audit opinion.

  5. Information System Assets • Information assets • Software assets • Physical assets • Other technical equipment • Services

  6. Optimizing Computerization • Systems audit focuses on • Standardization of hardware, operating systems, system software, and applications • Whether information flow is smooth and it’s integrity is not compromised. • Test of efficiency and search for emerging vulnerabilities. • Risk assessment for security breaches that may arise from communication and networking infrastructure.

  7. Optimizing Computerization • Systems audit focus (Cont’d) • Risk assessment for security breaches that may occur in the auditee organisation. • Assurance of migration and maintenance of data integrity. • Availability of human resources vis-a-vis success and failure of information technology projects. • Security maintenance for usage of plastic cards and e-commerce interface integrated in regular functioning of the auditee.

  8. General Controls • Organization and operation controls • Systems development and documentation controls • Hardware and system software controls • Access controls • Data and procedural controls • Business continuity control

  9. Application Controls • Input control • Processing control • Output control

  10. Objective Based Control Classification • Directive controls • Preventive controls • Detective controls • Corrective controls • Recovery controls

  11. Impact of Computers on Information • Transaction Initiation • Inputs • Authorisation • Movement of Documents • Transaction Processing • Complexity of Processing • Information Storage • Outputs • Filing of Documents • System of Back-up • Audit Trails • Procedure Manual • Monitoring & Supervision • Segregation of Duties • Changes in • The way of Working • Processing of Data • Storage of Data • Telecommunication • Data Accessibility • Security Methodology • Maintenance of data

  12. Impact of Computers on Auditing • Computerized audit trails • Interwoven complex systems • Transaction walkthroughs • Entropy in complex systems • Outsourced and distributed information

  13. Information Systems Audit Coverage • Hardware security issues • Software security issues • IS Audit Requirements • Conducting IS Audit • Risk based IS Audit • Auditing Disaster Recovery Plans • Auditing E-commerce Environment • Legal Framework • Security Testing • Information Security Grading (ISecGrade) Framework

More Related