Steps in it audit

STEPS IN INFORMATION TECHNOLOGY AUDITING Presented By: Shakti Dandia & Jigna Kothari

Description

Detailed description regarding the steps and process related to IT audit.

Transcript of Steps in it audit

Page 1: Steps in it audit

STEPS IN INFORMATION TECHNOLOGY AUDITING

Presented By: Shakti Dandia & Jigna Kothari

Page 2: Steps in it audit

Reasons for selection of topic

• Helps the student to gain knowledge about auditing.

• Everyone is aware of the need for information security in today's highly networked business environment.

• Information is arguably among an enterprise's most valuable assets, so its protection from predators from both within and outside has taken center stage as an IT priority.

Page 3: Steps in it audit

1. Introduction

2. Audit process

3. Planning

4. Testing

5. Reporting

6. Follow up

7. Conclusion

Page 4: Steps in it audit

DEFINITION

“The process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.”

Page 5: Steps in it audit

WHAT IS IT AUDIT?

IT audit is a broad term that includes:

Page 6: Steps in it audit

OBJECTIVES

• Ensures asset safeguarding – ‘assets’ which include the following five types of assets:

    • Data

    • Application systems

    • Technology

    • Facilities

    • People

• Ensures the seven attributes of data or information are maintained.

Page 7: Steps in it audit

Planning

Testing

Documentation & reporting

Follow-up

Page 8: Steps in it audit

• Identify

• Recognize

• Access

• Identify risk

• IT risk factor

• Business risk factor

• Choose

• Establish

• Confirm

Page 9: Steps in it audit

• Security

• Backup & Recovery

• Resource Management

• Web Site

Page 10: Steps in it audit

Servers

Printers

Routers

Workstations

Laptops

If it’s on the network we scan it!

Page 11: Steps in it audit

Workstations Laptops Servers

We Test Computers That May Have Security Vulnerabilities!

WinAudit, MBSA, CIS Tools & Benchmarks

Page 12: Steps in it audit

• University Relations Web Guidelines & Procedures

• Web Development Best Practices

• Content Recommendations

• Templates

• Privacy Statement (Policy 7030)

• Web Server & Application Security

Page 13: Steps in it audit

Documentation

• Auditors should adequately document the audit evidence in working papers.

• It is the record of the audit work performed and the audit evidence supporting audit findings and conclusions.

• Audit documentation is a formal collection of auditor notes, documents, flowcharts, correspondence, results of observation, the audit plan, minutes of meetings, computerized records, data files or application results.

Page 14: Steps in it audit

• Demonstration of the extent to which the auditor has complied with the Auditing Standards

• Assistance with planning, performance and review of audits

• Facilitation of third-party/peer reviews

• Evaluation of the IT auditing function’s quality assurance programme

• Support in circumstances such as fraud cases and lawsuits

Page 15: Steps in it audit

Reporting

• Provide a report in an appropriate form to intended recipients upon completion of audit work.

• State the scope, objectives, period of coverage and the nature and extent of the audit work performed.

• Identify the organization, the intended recipients and any restrictions on circulation.

• State the findings, conclusions, recommendations and any reservations or qualifications that the auditor has with respect to the audit.

Page 16: Steps in it audit

Content of audit report

• Introduction

• Objectives, scope, and methodology

• Findings

• Conclusions

• Recommendations

• Noteworthy Accomplishments

• Limitations

Page 17: Steps in it audit

A Final Report is Sent to The Board of Visitors

Page 18: Steps in it audit

Follow-Up

• Follow-Up Actions are Based on Your “Management Action Plan”

• Progress is Monitored

• Some Re-Testing May be Necessary

• Board of Visitors is Updated

• Audit is closed

Page 19: Steps in it audit

Follow up involves

• Reviewing the information technology audit report;

• Reviewing the management action plans related to the recommendations in the audit report;

• Developing an audit approach for these issues;

• Interviewing responsible managers and examining pertinent documentation related to the action plan

• Risk Management


Page 21: Steps in it audit

ANY QUERY?

Page 22: Steps in it audit

THANK YOU!