Professional Documents
Culture Documents
M1 - Auditing in CIS Environment
M1 - Auditing in CIS Environment
M1 - Auditing in CIS Environment
ACT1208
MODULE 1
• IT is EVERYWHERE
• Computers are both broadly and deeply useful in the business world
• IT has impacted significant areas of the business environment, including the use and
processing of information, the control process, and the auditing profession
IT ENVIRONMENT
DATA &
CONTROL PROCESS AUDIT PROFESSION
INFORMATION
Technology allows business Technology has significantly Technology has impacted the
decision makers to capture, impacted the control process auditing profession in terms of
store, analyze, and process around systems. how audits are performed
massive amounts of data and Although control objectives have (information capture and
information. generally remained constant, analysis, control concerns) and
except for some that are the knowledge required to draw
Technology has increased technology specific, technology conclusions regarding
budgets, successes, and has altered the way in which operational or system
failures, resulting in a better systems should be controlled. effectiveness, efficiency, and
understanding of control as a Safeguarding assets, as a reporting integrity.
residual effect. control objective, remains the
same whether it is done
manually or is automated.
TECHNOLOGY SYSTEMS IMPACTING
IT ENVIRONMENT
E n te r p r i s e Re s o u rc e M o b i l e D ev i c e
Cloud Computing In te r n e t o f Th i n g s
P l a n n i n g (E R P) M a n a g e m e n t (M D M)
The objective of Cloud computing is MDM is a solution The internet of things,
ERP is to integrate the on-demand that uses software as or IoT, is a system of
delivery of IT a component to interrelated
key processes of resources, including provision mobile computing devices,
the organization servers, databases, devices while mechanical and
s u c h a s o r d e r e n t r y, storage, software, protecting an digital machines,
manufacturing, analytics, and organization’s assets, objects, animals or
procurement and intelligence, over the such as data. people that are
internet. Organizations practice provided with unique
accounts payable, identifiers (UIDs) and
MDM by applying
payroll, and human Public, Private, Hybrid software, processes the ability to transfer
resources. and security policies data over a network
onto mobile devices without requiring
and toward their use. human-to-human or
human-to-computer
interaction.
IT CONTROLS FOR IT ENVIRONMENT
• Organizations must integrate IT with business strategies to attain their overall objectives.
• Issues such as IT governance, international information infrastructure, security, privacy, and
control of public and organizational information must be addressed.
• IT controls shall be established, implemented, maintained, and continually improved.
• Audits determine conformity with the controls and if it is effectively implemented and
maintained.
THE AUDITING PROFESSION
Financial auditing encompasses he IIA defines internal auditing The external audit function
all activities and responsibilities (IA) as “an independent, evaluates the reliability and the
concerned with the rendering of objective assurance and validity of systems controls in
an opinion on the fairness of consulting activity designed to all forms.
financial statements. add value and improve an
organization’s operations.”
IT AUDITING
IT Auditing and its two groupings
IT AUDITING
IS IT
IT auditing provides reasonable assurance (never absolute) that the information generated by
applications within the organization is accurate, complete, and supports effective decision
making consistent with the nature and scope of the engagement previously agreed.
IT AUDITING
Examines IT general controls or “ITGCs”, including Examines processing controls specific to the
policies and procedures, that relate to many application. Also referred to as “automated controls.”
applications and supports the effective functioning of
application controls. They are concerned with the accuracy, completeness,
validity, and authorization of the data captured,
General controls cover the IT infrastructure and entered, processed, stored, transmitted, and reported.
support services, including all systems and
applications. Examples of application controls include checking the
mathematical accuracy of records, validating data
Commonly include controls over (1) IS operations; (2) input, and performing numerical sequence checks,
information security (ISec); and (3) change control among others. Application controls are likely to be
management (CCM) effective when general controls are effective.
THE NEED FOR IT
AUDIT
How IT Auditing is a necessary
THE NEED FOR IT AUDIT
IT presents risk factors that are unique to accounting, auditing, and systems. That is, IT itself
brings risk to the entity regarding its systems, business processes, and financial/accounting
processing. That risk is unique to IT; without IT being present, that risk would not exist—at
least not to the same level. It takes a professional, such as an IT auditor, to identify and
assess the inherent risk associated with IT.
Reports of information theft, computer fraud, information abuse, and other related control
concerns are being heard more frequently around the world, and better IT controls are
required.
THE NEED FOR IT AUDIT
• Organizations must integrate IT with business strategies to attain their overall objectives.
• Issues such as IT governance, international information infrastructure, security, privacy, and
control of public and organizational information must be addressed.
• IT controls shall be established, implemented, maintained, and continually improved.
• Audits determine conformity with the controls and if it is effectively implemented and
maintained.
IT CONTROLS FOR IT ENVIRONMENT
• Organizations must integrate IT with business strategies to attain their overall objectives.
• Issues such as IT governance, international information infrastructure, security, privacy, and
control of public and organizational information must be addressed.
• IT controls shall be established, implemented, maintained, and continually improved.
• Audits determine conformity with the controls and if it is effectively implemented and
maintained.
IT AUDITOR AS COUNSELOR
• IT auditors can work in the field of computer forensics or work side by side with a computer
forensics specialist, supplying insight into a particular system or network. The specialists
can ask the IT audit professionals questions pertaining to the system and get responses
faster than having to do research and figure everything out on their own.
IT AUDITOR
PROFILE
Experience and Skills
IT AUDITOR PROFILE
2023 ACT1208
THANK YOU
2023 ACT1208