Chapter 1 Introduction of IT Audit
Introduction to IT Auditing
Types of Audit
• Financial Statement Audit
• Compliance Audit
• Operational Audit
Types of Auditor
• Public Accountant
• Government Auditor
• Tax Auditor
• Internal Auditor
IT Governance
…the process for controlling an organization’s IT resources,
including information and communication systems, and
technology.
Information Criteria
• CIA Triangle
  • Confidentiality
  • Integrity
  • Availability
• Cobit “add-ons”
  • Effectiveness
  • Efficiency
  • Compliance
  • Reliability
CobiT’s IT Governance
Management Guideline
Identifies critical success factors, key goal and
performance indicators, and an IT governance
maturity model.
IT governance framework begins with setting IT
objectives and measures and compares
performance against them
Systems development life cycle (SDLC)
• Provides overall framework for managing system
development process
Phases of the Systems
Development Lifecycle (SDLC)
• Project planning: initiate, ensure feasibility, plan
schedule, obtain approval for project
• Analysis: understand business needs and processing
requirements
• Design: define solution system based on requirements
and analysis decisions
• Implementation: construction, testing, user training,
and installation of new system
• Support: keep system running and improve
Systems development life cycle (SDLC)
Types of Information Systems
Message Transmission Example
Types of Information Systems
• Information Systems include not only hardware and
software but…
  • People
  • Procedures*
  • Data
* Note: Procedures (processes) are “subsets” of the domains in CobiT
What do IT auditors do?
• Ensure IT governance by assessing risks and
monitoring controls over those risks
• Work as either internal or external auditors
• Work on many kinds of audit engagements
Financial vs IT Audits
• IT auditors may work on financial audit
engagements
• IT auditors may work on every step of the financial
audit engagement
• Standards, such as SAS No. 94, guide the work of IT
auditors on financial audit engagements
• IT audit work on financial audit engagements is
likely to increase as internal control evaluation
becomes more important
IT Audit Skills
• College education – IS, computer science,
accounting
• Certifications – CPA, CFE, CIA, CISA, CISSP, and
special technical certifications
• Technical IT audit skills – specialized technologies
• General personal and business skills
Professional Groups and
Certifications – Alphabet Soup
• ISACA – CISA/CISM
• IIA – CIA
• ACFE – CFE
• AICPA – CPA and CITP
How to Structure an IT Audit
• AICPA Standards and Guidelines – GAAS, SAS, and
SSAE
• IFAC Guidelines – harmonized or common
international accounting standards and guidelines
• ISACA standards, guidelines, and procedures –
includes CobiT and audit standards