
IS4680 Security Auditing for Compliance Unit 10


Presentation Transcript


  1. IS4680 Security Auditing for Compliance Unit 10 Qualifications, Ethics, and Certifications for IT Auditors

  2. Class Agenda 8/22/16 • Covers Chapter 15 • Learning Objectives • Lesson Presentation and Discussions • Discussion on Assignments • Discussion on Lab Activities • Lab will be performed in class • Break times as per school regulation • Final Project due in the next class • Final Exam will be held in the next class

  3. Learning Objective • Describe the qualifications, ethics, and certification organizations for information technology (IT) auditors.

  4. Key Concepts • Significance of IT auditing career pursuits • Professional ethics and integrity of IT auditors • Codes of conduct for IT auditors • Acceptable use policy (AUP) between employee and employer • Certification process and accreditation for IT auditing

  5. EXPLORE: CONCEPTS

  6. Qualifications and Ethics for IT Auditors • Auditors have an important duty to evaluate organizational controls. • IT auditors need to practice strong ethical behavior and demonstrate integrity and objectivity.

  7. Certification for IT Auditors • Certification programs are available that are aligned specifically with information-system auditing and assurance. • Nearly all organizations that provide IT-auditing services have their own codes of conduct and ethical standards.

  8. Certification for IT Auditors (Continued) • Professional organizations for IT auditors, such as the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors (IIA), also publish codes of ethics.

  9. Codes of Conduct for IT Auditors  The IIA code of ethics has four principles: • Integrity—Honesty and standing firm on moral obligations help to establish trust: • This is critical because organizations rely on auditors for their professional judgment.

  10. Codes of Conduct for IT Auditors (Continued)  • Objectivity—Auditors need to make a fair assessment of activities and processes being examined without being unjustifiably influenced by their own or others’ interests.

  11. Codes of Conduct for IT Auditors (Continued)  • Confidentiality—Like therapists who are privy to the personal details of their clients, auditors are entrusted with access to valuable information about their client organizations: • This information should not be disclosed without proper authority or other legal obligation.

  12. Codes of Conduct for IT Auditors (Continued)  • Competency—Auditors succeed in their duties by applying the knowledge, skills, and experience their work requires.

  13. Separation of Employer and Employee • Companies listed on public stock exchanges are, in many cases, required to adopt a code of conduct.

  14. Separation of Employer and Employee (Continued) • Requirements aside, a code of conduct provides organizations with the following benefits: • First, it reinforces the organization’s values and beliefs and helps establish a strong culture based on the organization’s vision and mission. • Next, a well-implemented code of conduct builds respect and enhances the organization’s reputation. • Finally, it helps guide the organization and its people away from unethical and illegal behavior.

  15. Separation of Employer and Employee (Continued) • All employees, including auditors, are expected to comply with their organization’s code of conduct: • Auditors, however, are also responsible for verifying and testing their clients’ codes of conduct.

  16. Certification for IT Auditors The following certification streams are available in the auditing field: • IIA—Perhaps the oldest of the professional bodies, established in 1941 • Certified Internal Auditor (CIA) certification • Certification in Control Self-Assessment (CCSA) • Certified Government Auditing Professional (CGAP) certification

  17. Certification for IT Auditors (Continued) • Certified Financial Services Auditor (CFSA) certification • ISACA • Certified Information Systems Auditor (CISA) certification • Certified Information Security Manager (CISM) certification • Certified in Risk and Information Systems Control (CRISC) certification

  18. Certification for IT Auditors (Continued) • Certified in the Governance of Enterprise IT (CGEIT) certification • SANS Institute • Global Information Assurance Certification (GIAC) (several designations)

  19. EXPLORE: PROCESSES

  20. Certification Process and Accreditation • Research various certifications available and become familiar with the process and requirements. • Maintain certification once achieved.

  21. EXPLORE: ROLES

  22. Roles and Responsibilities • IT Auditors • Responsible for conducting information security or IT audits following all proper ethical and professional guidelines. • Senior Managers • Support the auditing process and provide funding for ongoing compliance-related assurance procedures.

  23. Roles and Responsibilities (Continued) • IT Managers • Support the assurance efforts within the technology departments and provide inputs for compliance requirements.

  24. EXPLORE: CONTEXTS

  25. Codes of Conduct for IT Auditors Based on Organization Types • Auditors follow the same codes of conduct regardless of the organization’s size or type. • Auditors must follow the codes of conduct produced within the organization, even though those same codes are among the controls the auditors examine. • Within an organization, auditors should be regarded as allies who help the organization stay in compliance.

  26. EXPLORE: RATIONALE

  27. Need for Highest Professional Conduct • The IT-audit profession continues to grow and is supported by several professional organizations. • IT auditors need to strongly adhere to ethical codes and be in constant pursuit of continued education.

  28. Need for Highest Professional Conduct (Continued) • There are numerous educational opportunities for those just entering the profession or those looking for growth. • Organizations such as the IIA and ISACA provide a tremendous amount of resources for the profession.

  29. Significance of IT Auditing Career Pursuits • Practitioners within audit, IT, or a combination of both should strongly consider membership and take advantage of the educational and certification opportunities.

  30. Summary • In this presentation, the following were covered: • Qualifications, ethics, certifications, and codes of conduct for IT auditors • The process of certification and accreditation for IT auditors • The importance of the highest professional conduct for IT auditors

  31. Unit 10 Assignment and Lab • Discussion 10.1 Acceptable Use Policy (AUP) • Lab 10.2 Professional Information Systems Security Certifications––Charting Your Career Path • Assignment 10.3 Codes of Conduct for Employees and IT Auditors
