IT Audit

Edwin Palma

on 25 April 2014

Transcript of IT Audit

What is an IT Audit
IT Audit

Group 6
Provides a comprehensive framework for information security that assists enterprises in achieving their objectives for the governance and management of enterprise IT.
Current Issues
COBIT Benefits
• Maintain high-quality information to support business decisions
• Achieve strategic goals and realize business benefits through the effective and innovative use of IT
• Achieve operational excellence through reliable, efficient application of technology
• Maintain IT-related risk at an acceptable level
• Optimize the cost of IT services and technology
• Support compliance with relevant laws, regulations, contractual agreements and policies

IT Governance
At its most basic definition, IT governance is the process by which decisions are made around IT investments. How decisions are made, who makes the decisions, who is held accountable, and how the results of decisions are measured and monitored are all parts of IT governance.

Keys to Effective IT Auditing
Stay Independent
Perform Risk Analysis
Gather Information
Determine Control Objectives
Develop and execute the Audit Program
Suggest recommendations
Create audit report
Follow up on recommendations

IT Security
IT Governance
Lack of success in ERP implementations
Social Media
Cloud Computing
Vendor Management
Emerging Infrastructure Changes
Big Data and Analytics
Shared Infrastructure
On Demand
Cloud Computing

1. All internal auditors need to understand core IT control concepts and risks

2. Need Integrated Auditors

3. Staffing
The process of collecting and evaluating data to determine:

Whether an information system has been designed to maintain data integrity
Allow organizational goals to be effectively achieved
Uses resources effectively.

Establishing A Foundation For IT Governance



IT Governance Maturity
The 4 Objectives of IT
ISO 20000
ISO 17799 / ISO 27001
Six Sigma
Balanced Scorecard

Key Concepts

Security and Confidentiality


Basic Audit Skills

Desire to understand technology

Educational background in computer science or related field

Communication skills

The ability to understand new technologies in a short time period

IT Audit Skills
Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Security Compliance Specialist (CSCS)
IT Controls
Perform Risk Analysis
Identify potential risk factors:

- System's position in organization
- Last audit
- Size of assets involved
- Newness of system

Chief Audit Executive creates audit plan

Determine Control Objectives
"A statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity."

Determine if a Disaster Recovery Plan exists

Develop & Execute Audit Program
High level Audit Program

- Audit Objectives

- Characteristics of objectives

- How the objectives will be tested



Create Audit Report
Important part of conducting an IT audit.

The report needs to contain:
- Findings in the audit
- Management’s responses
- Suggested recommendations

COBIT Principles
• Principle 1: Meeting Stakeholder Needs

• Principle 2: Covering the Enterprise End-to-End

• Principle 3: Applying a Single, Integrated Framework

• Principle 4: Enabling a Holistic Approach

• Principle 5: Separating Governance From Management

COBIT 5 Key Enablers
· Principles, policies and frameworks

· Processes

· Organizational structures

· Culture, ethics and behavior

· Information

· Services, infrastructure and applications

· People, skills and competencies
Areas For Improvement
Unauthorized Access
Service level agreements
Code: audit trail
Discussion = Prize
1 Winner
What is IT audit

IT Governance

Main Framework

Assigned Reading

Current Issues
Common IT Engagements
IT Risk Assessment
IT Governance & Effectiveness Audits
Service Organization Controls
General Computer Control Assessments
Data Privacy Audits
Change Management
Disaster Recovery Planning
Back-up Procedures
? ? ?