Importance of IT Audit in Business Operations

universitas komputer indonesia n.w

Explore the significance of IT audit in ensuring compliance, risk management, and operational efficiency within organizations. Learn about IT audit fundamentals, types, and the role of internal and external auditors in this comprehensive guide.

  • IT audit
  • Compliance
  • Risk management
  • Internal audit
  • External audit


Presentation Transcript


  1. Universitas Komputer Indonesia IT Audit and Control Dr. Yeffry Handoko Putra, M.T MAGISTER SISTEM INFORMASI

  2. Syllabus
     • Chap 1 - IT Audit Fundamental
     • Chap 2 - Audit in Context
     • Chap 3 - Internal Audit
     • Chap 4 - External Audit
     • Chap 5 - Audit Type and IT Audit Component
     • Chap 6 - IT Audit Driver
     • Chap 7 - IT Audit with COBIT 5
     • Chap 8 - CISA Certification Review
     Magister Sistem Informasi (MSI)

  3. Reference
     • [Gantz] Gantz, S. (2014), The Basics of IT Audit, Elsevier
     • [ISACA] ISACA (2013), CISA Review Manual 2013

  4. The Evolution of COBIT 5 (figure)
     • Scope evolution: Audit, Control, Management, IT Governance, Governance of Enterprise IT
     • Versions: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012)
     • Related frameworks shown: Val IT 2.0 (2008), Risk IT (2009), BMIS (2010)

  5. Audit in many areas

  6. What is IT Auditing?
     • Evaluating criteria conformity: ITIL
     • Assessment:
       • Quantitative: Balanced Score Card: maturity model (COBIT 4.1)
       • Qualitative: PAM COBIT 5 (e.g. Partially, Not available, Fulfilled)
     • Inspection: CMMI model
     • Comparing to standard, framework, requirement

  7. What to audit
     • entire organizations
     • individual business units
     • mission functions and business processes
     • Services
     • Systems
     • Infrastructure or technology components
     Focused on: controlling, finding bias (differentiation to standard), method

  8. Who makes IT audit?
     • Internal Audit
     • External Audit

  9. Why should we do IT Auditing?
     • Preventive
     • Correcting
     • Detective

  10. Some reasons to do IT Auditing
     • complying with securities exchange rules that companies have an internal audit function;
     • evaluating the effectiveness of implemented controls;
     • confirming adherence to internal policies, processes, and procedures;
     • checking conformity to IT governance or control frameworks and standards;

  11. Some reasons to do IT Auditing (2)
     • analyzing vulnerabilities and configuration settings to support continuous monitoring;
     • identifying weaknesses and deficiencies as part of initial or ongoing risk management;
     • measuring performance against quality benchmarks or service level agreements;
     • verifying and validating systems engineering or IT project management practices;

  12. Who performs IT Auditing (The Actors)
     • Internal auditors: employee
     • External IT Auditor: consultant
     • Auditing firm
     • Certification Organization (ISACA with CISA)
     • International Organization

  13. External Auditor from ISACA
     • Certified Information System Auditor (CISA)
     • Certified in Risk and Information System Control (CRISC)
     • Certified Information System Manager (CISM)

  14. How to become an IT Auditor

  15. The good thing of IT Auditing (Auditing Context)

  16. Categories of Performance Measures
     • Performance Measurement: What are indicators of good IT performance?
     • IT Control Profile: How can we measure the effectiveness of our controls?
     • Risk Awareness: What are the risks of not achieving our objectives?
     • Benchmarking: How do we perform relative to others and standards?

  17. IS Auditor & IT Governance
     • Are IS functions aligned with the organization's mission, vision, values, objectives and strategies?
     • Does IS achieve performance objectives established by the business?
     • Does IS comply with legal, fiduciary, environmental, privacy, security, and quality requirements?
     • Are IS risks managed efficiently and effectively?
     • Are IS controls effective and efficient?

  18. Audit: Recognizing Problems
     • End-user complaints
     • Excessive costs or budget overruns
     • Late projects
     • Poor motivation - high staff turnover
     • High volume of H/W or S/W defects
     • Inexperienced staff - lack of training
     • Unsupported or unauthorized H/W, S/W purchases
     • Numerous aborted or suspended development projects
     • Reliance on one or two key personnel
     • Poor computer response time
     • Extensive exception reports, many not tracked to completion

  19. Audit: Review Documentation
     • IT Strategies, Plans, Budgets
     • Security Policy Documentation
     • Organization charts & Job Descriptions
     • Steering Committee Reports
     • System Development and Program Change Procedures
     • Operations Procedures
     • HR Manuals
     • QA Procedures
     • Contract Standards and Commitments
       • Bidding, selection, acceptance, maintenance, compliance

  20. IT Governance: The main idea from COBIT, with five key areas:

  21. IT Governance: Also supported by
     • The Information Technology Infrastructure Library (ITIL) and ISO/IEC 20000 for service management;
     • The Project Management Body of Knowledge (PMBOK) and Projects in Controlled Environments version 2 (PRINCE2) for project management;
     • Capability Maturity Model Integration (CMMI) and ISO/IEC 15504 for software development processes; and
     • The ISO/IEC 27000 series and National Institute of Standards and Technology (NIST) risk management framework for information security management.

  22. Risk Management: COSO's enterprise risk management framework

  23. Risk Management: NIST's risk management framework

  24. Compliance and certification

  25. Quality management and quality assurance: ISO 9001

  26. The PDCA cycle popularized by W. Edwards Deming

  27. Information Security Management System: The ISMS process defined in ISO/IEC 27001 applies the familiar PDCA model
