Post on 22-Jan-2015
description
STEPS IN INFORMATION
TECHNOLOGY AUDITING
Presented By:
Shakti Dandia & Jigna Kothari
Reasons for selection of topicReasons for selection of topic
• Helps the student to gain the knowledge about auditing.
• Everyone is aware of the need for information security in today's
highly networked business environment.
• Information is arguably among an enterprise's most valuable
assets, so its protection from predators from both within and
outside has taken center stage as an IT priority.
1. Introduction
2. Audit process
3. Planning
4. Testing
5. Reporting
6. Follow up
7. Conclusion
“The process of collecting and
evaluating evidence to determine
whether a computer system safeguards
assets, maintains data integrity, allows
organizational goals to be achieved
effectively and uses resources
efficiently.”
DEFINATIONDEFINATION
IT audit is a broad term that includes:
WHAT IS IT AUDIT?WHAT IS IT AUDIT?
�Ensures asset safeguarding – ‘assets’ which include the following five types of assets:
•Data
•Application systems
•Technology
•Facilities
•People
�Ensures the seven attributes of data or information are
maintained.
OBJECTIVESOBJECTIVES
Planning
Testing
Documentation & reporting
Follow-up
• Identify
• Recognize
• Access
• Identify risk
• IT risk factor
• Business risk
factor
• Choose
• Establish
• Confirm
• Security
• Backup & Recovery
• Resource Management
• Web Site
ServersServers
PrintersPrinters
RoutersRouters
WorkstationsWorkstations
LaptopsLaptops
If itIf it’’s on the network s on the network
we scan it!we scan it!
Workstations Laptops Servers
We Test Computers That May Have Security Vulnerabilities!
WinAuditMSBA CIS Tools & Benchmarks
• University Relations Web Guidelines & Procedures•Web Development Best Practices
• Content Recommendations
• Templates
• Privacy Statement (Policy 7030)
• Web Server & Application Security
DocumentationDocumentation
•‘Auditors should adequately document the audit
evidence in working papers.
•It is the record of the audit work performed and
the audit evidence supporting audit findings and
conclusions
•Audit documentation is formal collection of Auditor
notes, Documents,Flowcharts,Correspondence,Results
of observation, The audit plan ,Minutes of meetings,
Computerized record, Data files or application results
�Demonstration of the extent to which the auditor has
complied with the Auditing Standards
�Assistance with planning, performance and review of
audits
�Facilitation of third-party/peer reviews
�Evaluation of the IT auditing function’s quality
assurance programme
�Support in circumstances such as fraud cases and
lawsuits
ReportingReporting
• provide a report in an appropriate form to intended recipients upon
completion of audit work.
•state the scope, objectives, period of coverage and the nature and
extent of the audit work performed.
• identify the organization, the intended recipients and any restrictions
on circulation
• state the findings, conclusions, recommendations and any
reservations or qualifications that the auditor has with respect to the
audit.
Content of audit reportContent of audit report
•Introduction
•Objectives, scope, and methodology
•findings
•Conclusions
•Recommendations
•Noteworthy Accomplishments
•Limitations
A Final Report is Sent
to
The Board of Visitors
•Follow-Up Actions are Based on Your “Management
Action Plan”
•Progress is Monitored
•Some Re-Testing May be Necessary
•Board of Visitors is Updated
•Audit is closed
FollowFollow--UpUp
• Reviewing the information technology audit report;
• Reviewing the management action plans related to the recommendations in the audit
report;
• Developing an audit approach for these issues;
• Interviewing responsible managers and examining pertinent documentation related to the
action plan
•RiskManagement
Follow up involvesFollow up involves
Bibliography & sources of Bibliography & sources of
informationinformation
• www.fca.gov
• www.technet.microsoft.com
• www.icaisa.cag.gov.in
• www.en.wikipedia.org
• www.collaborativegrowthnetwork.com
• www.hhs.gov
ANY QUERRY?
THANK
YOU!