IT Audit

by Edwin Palma on 25 April 2014

Transcript of IT Audit

What is an IT Audit

Group 6
COBIT 5
Provides a comprehensive framework for information security that assists enterprises in achieving their objectives for the governance and management of enterprise IT.
Current Issues
COBIT Benefits
•Maintain high-quality information to support business decisions
•Achieve strategic goals and realize business benefits through the effective and innovative use of IT
•Achieve operational excellence through reliable, efficient application of technology
•Maintain IT-related risk at an acceptable level
•Optimize the cost of IT services and technology
•Support compliance with relevant laws, regulations, contractual agreements and policies

IT Governance
At its most basic definition, IT governance is the process by which decisions are made around IT investments. How decisions are made, who makes the decisions, who is held accountable, and how the results of decisions are measured and monitored are all parts of IT governance.

Keys to Effective IT Auditing
Stay Independent
Perform Risk Analysis
Gather Information
Determine Control Objectives
Develop and execute the Audit Program
Suggest recommendations
Create audit report
Follow up on recommendations

Nikita
Polo
Edwin
Junnan
Nancy
IT Security
IT Governance
Lack of success in ERP implementations
Social Media
Cloud Computing
Vendor Management
Emerging Infrastructure Changes
Big Data and Analytics
Pros:
Shared Infrastructure
On Demand
Cloud Computing

1. All internal auditors need to understand core IT control concepts and risks

2. Need Integrated Auditors

3. Staffing
The process of collecting and evaluating data to determine whether an information system:

Has been designed to maintain data integrity
Allows organizational goals to be effectively achieved
Uses resources effectively

Establishing A Foundation For IT Governance
Structure

Process

Communication

IT Governance Maturity
The 4 Objectives of IT
Governance
EXISTING FRAMEWORKS
ISO 20000
ITIL
ISO 17799 / ISO 27001
Six Sigma
COBIT
Balanced Scorecard
Prince2

Key Concepts
Availability

Security and Confidentiality

Integrity

Basic Audit Skills

Desire to understand technology

Educational background in computer science or related field

Communication skills

The ability to understand new technologies in a short time period

IT Audit Skills
CERTIFICATIONS
Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Security Compliance Specialist (CSCS)
Skills
IT Controls
Perform Risk Analysis
Identify potential risk factors:

- System's position in organization
- Last audit
- Size of assets involved
- Newness of system

Chief Audit Executive creates audit plan

Determine Control Objectives
"A statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity."

Determine if a Disaster Recovery Plan exists

Develop & Execute Audit Program
High level Audit Program

-Audit Objectives

-Characteristics of objectives

-How the objectives will be tested

-Evidence

-Pass/Fail

Create Audit Report
Important part of conducting an IT audit.

The report needs to contain:
- Findings in the audit
- Management’s responses
- Suggested recommendations

COBIT Principles
•Principle 1: Meeting Stakeholder Needs

•Principle 2: Covering the Enterprise End-to-End

•Principle 3: Applying a Single, Integrated Framework

•Principle 4: Enabling a Holistic Approach

•Principle 5: Separating Governance From Management

COBIT 5 Key Enablers
· Principles, policies and frameworks

· Processes

· Organizational structures

· Culture, ethics and behavior

· Information

· Services, infrastructure and applications

· People, skills and competencies
Areas For Improvement
Cons:
Privacy
Confidentiality
Unauthorized Access
Audit:
Service level agreements
Code: audit trail
Discussion = Prize
1 Winner
Outline
What is IT audit

IT Governance

Main Framework

Assigned Reading

Current Issues
Common IT Engagements
IT Risk Assessment
IT Governance & Effectiveness Audits
Service Organization Controls
General Computer Control Assessments
Data Privacy Audits
Change Management
Disaster Recovery Planning
Back-up Procedures
? ? ?