Upload
yasir-khan
View
163
Download
3
Embed Size (px)
DESCRIPTION
Information System Architecture and Audit Control
Citation preview
Information System Audit and Control
Lecture No 2
IS Audit Resource Management
• The IS technology is constantly changing.• The IS Auditors maintain their competency
through updates of existing skills and obtaining trainings of new audit techniques.
• The IS auditor should be technically sound and should maintain technical competence through continuing professional education.
IS Audit Resource Management (Cont’d)
• A detailed staff training plan should be drawn based on technology and risk issues of an organization.
• The trainings should be arranged at least semi-annually.
• The IS audit management provides necessary IT resources needed to perform IS audits of a highly specialized nature (e.g software scanners for network intrusion tests).
Audit Planning
• Short term planning– Takes into account audit issues that will be
covered during the year.• Long term planning– Takes into consideration risk-related issues which
may affect the organization’s IT environment.• The planning of future audit activities should
be reviewed by senior audit management and approved by audit committee.
Audit Planning (Con’d)
• During audit planning, the IS auditor must have an understanding of the overall environment under review.– Various business practices and functions– Types of information systems– Supporting technology
• The IS Auditor should:– Gain an understanding of business’s objectives– Information and processing requirements
Audit Planning (Con’d)
– Identify policies, standards and guidelines– Perform risk analysis– Conduct IS control review– Set audit scope and audit objectives– Develop audit approach or audit strategy
• Identifying available audit resources and assigning appropriate tasks.