CIS Audit Lecture # 1
OVERVIEW OF IT AUDIT
IT RISK AND CONTROLS
IS AUDIT PROCESS
Assurance engagement

- An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. (Handbook of ISA; IFAC)
Code of Professional Ethics

ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the Association and/or its certification holders.

Members and ISACA certification holders shall:

1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
2. Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.
3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
4. Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
5. Maintain competency in their respective fields and agree to undertake only those activities which they can reasonably expect to complete with professional competence.
6. Inform appropriate parties of the results of work performed, revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.

Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.
Auditing

- Evaluation
  - Organization
  - System
  - Process
  - Project
  - Product
- Performed by
  - Competent
  - Independent
  - Objective
- Issue report
Why do we plan?

- To improve effectiveness
  - Enhance the chance of success
- To improve efficiency
  - Achieve the best result with the least resources
What should we consider in planning an IS Audit?

- Risk
- Controls
- Technological updates
- Business needs
- Auditing techniques
How do we plan (Audit planning process)?

The slide presents the planning process as a cycle diagram; read from the top, the steps are:

1. Define the needs/problem
2. Gather relevant information
3. Assess/enumerate the risks
4. Analyze the risk
5. Identify and review controls
6. Set audit scope and objectives
7. Develop strategy
8. Assign resources
9. Implement the plan
10. Evaluate the plan
Risk

- Risk is the potential that a given threat will exploit the vulnerabilities of an asset (or assets) to cause loss or damage to that asset.
Risk Assessment

- Identifying business risks relevant to financial reporting objectives;
- Estimating the significance of the risks;
- Assessing the likelihood of their occurrence; and
- Deciding about actions to address those risks.

- PSA 315.15
Internal control in a CIS Environment

- General CIS Control
- Application Control
General CIS Control

- Organization and management controls
- Development and maintenance controls
- Delivery and support controls
- Monitoring controls
Organization and management controls

- Strategic information technology plan.
- CIS policies and procedures.
- Clearly defined roles and responsibilities.
- Segregation of incompatible functions.
- Monitoring of IS activities performed by third-party consultants.
Development and maintenance controls

- Project initiation, requirements definition, systems design, testing, data conversion, go-live decision, migration to the production environment, documentation of new or revised systems, and user training.
- Acquisition and implementation of off-the-shelf packages.
- Requests for changes to the existing systems.
- Acquisition, implementation, and maintenance of system software.
Delivery and support controls

- Establishment of service level agreements against which CIS services are measured.
- Performance and capacity management controls.
- Event and problem management controls.
- Disaster recovery/contingency planning, training, and file backup.
- Computer operations controls.
- Systems security.
- Physical and environmental controls.
Monitoring controls

- Monitoring of key CIS performance indicators.
- Internal and external CIS audits.
Application Control

- Controls over input
- Controls over processing and computer data files
- Controls over output
Controls over input

- Transactions are properly validated and authorized before being processed by the computer.
- Transactions are accurately converted into machine-readable form and recorded in the computer data files.
- Transactions are not lost, added, duplicated or improperly changed.
- Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis.
Controls over processing and computer data files

- Transactions, including system-generated transactions, are properly processed by the computer.
- Transactions are not lost, added, excluded, duplicated or improperly changed.
- Processing errors are identified and corrected on a timely basis.
Controls over output

- Results of processing are accurate.
- Access to output is restricted to authorized personnel.
- Output is provided to appropriate authorized personnel on a timely basis.
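As an added example (not part of the original lecture slides), the input and processing control objectives above applied to a constructed transaction batch in Python: record-level validation, authorization and duplicate checks, control-total reconciliation so that lost, added or altered transactions are detected, and a rejection list that goes back for correction and resubmission. The batch layout, field names, approver list and control-total scheme are assumptions made for the example.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

# Constructed batch header, as keyed from the source documents: the
# record count and hash total (sum of amounts) are the control totals
# that let processing detect lost, added, duplicated or changed records.
HEADER = {"batch_id": "B-0001", "record_count": 4, "hash_total": Decimal("1250.00")}

# Constructed input batch containing deliberate defects: an unapproved
# record, a duplicated transaction id and a mis-keyed amount ("25O").
BATCH = [
    {"txn_id": "T1", "account": "1001", "amount": "500.00", "approver": "mgr1"},
    {"txn_id": "T2", "account": "1002", "amount": "250.00", "approver": ""},
    {"txn_id": "T2", "account": "1003", "amount": "250.00", "approver": "mgr2"},
    {"txn_id": "T3", "account": "1004", "amount": "25O.00", "approver": "mgr1"},
]

# Constructed authorisation list (assumption): users allowed to approve.
AUTHORISED_APPROVERS = {"mgr1", "mgr2"}


@dataclass
class ControlResult:
    accepted: list = field(default_factory=list)
    # (txn_id, reason) pairs: the rejection list returned to the
    # originator for correction and timely resubmission.
    rejected: list = field(default_factory=list)
    # Batch-level exceptions raised by control-total reconciliation.
    batch_exceptions: list = field(default_factory=list)


def parse_amount(text):
    """Accurate conversion to machine-readable form; None if not numeric."""
    try:
        return Decimal(text)
    except InvalidOperation:
        return None


def validate_record(txn, seen_ids):
    """Input control: return None if the record is acceptable, else the reason."""
    if txn["txn_id"] in seen_ids:
        return "duplicate transaction id"
    if txn["approver"] not in AUTHORISED_APPROVERS:
        return "not authorised by an approved signatory"
    if not txn["account"].isdigit():
        return "account number malformed"
    amount = parse_amount(txn["amount"])
    if amount is None:
        return "amount not numeric (conversion error)"
    if amount <= 0:
        return "amount must be positive"
    return None


def run_input_controls(header, batch):
    """Apply record-level input controls, then reconcile the batch
    against its control totals (completeness/processing control)."""
    result = ControlResult()
    seen = set()
    for txn in batch:
        reason = validate_record(txn, seen)
        if reason is None:
            result.accepted.append(txn)
        else:
            result.rejected.append((txn["txn_id"], reason))
        seen.add(txn["txn_id"])

    # Completeness: a count mismatch means records were lost or added.
    if len(batch) != header["record_count"]:
        result.batch_exceptions.append(
            f"record count {len(batch)} differs from header {header['record_count']}")
    # Hash total over every parseable amount (rejected records still belong
    # to the batch); a mismatch means an amount was mis-keyed or changed.
    amounts = (parse_amount(t["amount"]) for t in batch)
    total = sum((a for a in amounts if a is not None), Decimal(0))
    if total != header["hash_total"]:
        result.batch_exceptions.append(
            f"hash total {total} differs from header {header['hash_total']}")
    return result


def batch_accepted(result):
    """The batch may be posted only when no record was rejected and the
    control totals reconcile; otherwise it goes back for correction."""
    return not result.rejected and not result.batch_exceptions


if __name__ == "__main__":
    first = run_input_controls(HEADER, BATCH)
    print("accepted:", [t["txn_id"] for t in first.accepted])
    print("rejected:", first.rejected)
    print("batch exceptions:", first.batch_exceptions)
    print("post batch?", batch_accepted(first))
```

Once the three rejected records are corrected (approver supplied, duplicate id replaced, amount re-keyed) and the batch resubmitted under the same header, both control totals reconcile and the batch can be posted.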
References

- PAPS 1008
- PSA 315
- ISACA

Más contenido relacionado

La actualidad más candente

Feasibility Study and Background of the Study
Feasibility Study and Background of the StudyFeasibility Study and Background of the Study
Feasibility Study and Background of the StudySCPS
 
Chapter 12-fraud-and-error-report
Chapter 12-fraud-and-error-reportChapter 12-fraud-and-error-report
Chapter 12-fraud-and-error-reportJamesChaves3
 
Lecture 16 internal control - james a. hall book chapter 3
Lecture 16  internal control - james a. hall book chapter 3Lecture 16  internal control - james a. hall book chapter 3
Lecture 16 internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Module_1_Acctg440.pptx
Module_1_Acctg440.pptxModule_1_Acctg440.pptx
Module_1_Acctg440.pptxLeahMaeNolasco
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal controlTommy Zul Hidayat
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
01 Chapter 1 and 2 Taxation 2
01 Chapter 1 and 2 Taxation 2 01 Chapter 1 and 2 Taxation 2
01 Chapter 1 and 2 Taxation 2 Flab Villasencio
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Sharah Ayumi
 
IT Revision and Auditing
IT Revision and AuditingIT Revision and Auditing
IT Revision and AuditingAmith Reddy
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsjayussuryawan
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Audit report- Consideration of Internal Control
Audit report- Consideration of Internal ControlAudit report- Consideration of Internal Control
Audit report- Consideration of Internal Controlnellynljcoles
 
03 chapter 4 deductions from gross estate part 02
03 chapter 4 deductions from gross estate part 0203 chapter 4 deductions from gross estate part 02
03 chapter 4 deductions from gross estate part 02Flab Villasencio
 

La actualidad más candente (20)

Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Feasibility Study and Background of the Study
Feasibility Study and Background of the StudyFeasibility Study and Background of the Study
Feasibility Study and Background of the Study
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Chapter 12-fraud-and-error-report
Chapter 12-fraud-and-error-reportChapter 12-fraud-and-error-report
Chapter 12-fraud-and-error-report
 
Lecture 16 internal control - james a. hall book chapter 3
Lecture 16  internal control - james a. hall book chapter 3Lecture 16  internal control - james a. hall book chapter 3
Lecture 16 internal control - james a. hall book chapter 3
 
Module_1_Acctg440.pptx
Module_1_Acctg440.pptxModule_1_Acctg440.pptx
Module_1_Acctg440.pptx
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk ppt
 
01 Chapter 1 and 2 Taxation 2
01 Chapter 1 and 2 Taxation 2 01 Chapter 1 and 2 Taxation 2
01 Chapter 1 and 2 Taxation 2
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
 
IT Revision and Auditing
IT Revision and AuditingIT Revision and Auditing
IT Revision and Auditing
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
 
Credit Collections The Basics
Credit Collections The BasicsCredit Collections The Basics
Credit Collections The Basics
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Audit report- Consideration of Internal Control
Audit report- Consideration of Internal ControlAudit report- Consideration of Internal Control
Audit report- Consideration of Internal Control
 
2 feasibility-study
2 feasibility-study2 feasibility-study
2 feasibility-study
 
The ippf in 2017
The ippf in 2017The ippf in 2017
The ippf in 2017
 
James hall ch 2
James hall ch 2James hall ch 2
James hall ch 2
 
03 chapter 4 deductions from gross estate part 02
03 chapter 4 deductions from gross estate part 0203 chapter 4 deductions from gross estate part 02
03 chapter 4 deductions from gross estate part 02
 

Similar a CIS Audit Lecture # 1

CISA Domain- 1 - InfosecTrain
CISA Domain- 1  - InfosecTrainCISA Domain- 1  - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Audits & Inspections_Katalyst HLS
Audits & Inspections_Katalyst HLSAudits & Inspections_Katalyst HLS
Audits & Inspections_Katalyst HLSKatalyst HLS
 
#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahiSN Panigrahi, PMP
 
Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseDesmond Devendran
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Waqas Ahmad
 
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project CharterSAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project CharterDavid Sweigert
 
Infographic: Maturing Audit Plans and Processes
Infographic: Maturing Audit Plans and Processes Infographic: Maturing Audit Plans and Processes
Infographic: Maturing Audit Plans and Processes EMC
 
implementation_of_a_risk-based_process_safety_management_system_framework.pptx
implementation_of_a_risk-based_process_safety_management_system_framework.pptximplementation_of_a_risk-based_process_safety_management_system_framework.pptx
implementation_of_a_risk-based_process_safety_management_system_framework.pptxzeidali3
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfpriyanshamadhwal2
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security programWilliam Godwin
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011Marc Vael
 
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...cveiga12
 
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...cveiga12
 
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh issa chapter   april meeting - managing a security & privacy governan...Raleigh issa chapter   april meeting - managing a security & privacy governan...
Raleigh issa chapter april meeting - managing a security & privacy governan...Raleigh ISSA
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and ControlAsad Raza
 

Similar a CIS Audit Lecture # 1 (20)

CISA Domain- 1 - InfosecTrain
CISA Domain- 1  - InfosecTrainCISA Domain- 1  - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Auditing
AuditingAuditing
Auditing
 
Audits & Inspections_Katalyst HLS
Audits & Inspections_Katalyst HLSAudits & Inspections_Katalyst HLS
Audits & Inspections_Katalyst HLS
 
#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi
 
Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review Course
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02
 
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project CharterSAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
 
Infographic: Maturing Audit Plans and Processes
Infographic: Maturing Audit Plans and Processes Infographic: Maturing Audit Plans and Processes
Infographic: Maturing Audit Plans and Processes
 
implementation_of_a_risk-based_process_safety_management_system_framework.pptx
implementation_of_a_risk-based_process_safety_management_system_framework.pptximplementation_of_a_risk-based_process_safety_management_system_framework.pptx
implementation_of_a_risk-based_process_safety_management_system_framework.pptx
 
CCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdfCCISO_Certification_Training_Course-Outline.pdf
CCISO_Certification_Training_Course-Outline.pdf
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security program
 
module_1.pptx
module_1.pptxmodule_1.pptx
module_1.pptx
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
 
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
IIA GAM CS 8-5: Audit and Control of Continuous Monitoring Programs and Artif...
 
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
CS 8-5_Audit and Control of Continuous Monitoring Programs and Artificial Int...
 
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh issa chapter   april meeting - managing a security & privacy governan...Raleigh issa chapter   april meeting - managing a security & privacy governan...
Raleigh issa chapter april meeting - managing a security & privacy governan...
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
 

Más de Cheng Olayvar

Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Accounting Information System
Accounting Information SystemAccounting Information System
Accounting Information SystemCheng Olayvar
 
Cash Flow Statement - Finac 4
Cash Flow Statement - Finac 4Cash Flow Statement - Finac 4
Cash Flow Statement - Finac 4Cheng Olayvar
 
Production Management - ABC Inventory
Production Management - ABC InventoryProduction Management - ABC Inventory
Production Management - ABC InventoryCheng Olayvar
 

Más de Cheng Olayvar (12)

Cost of Capital
Cost of Capital Cost of Capital
Cost of Capital
 
AIS Lecture 1
AIS Lecture 1AIS Lecture 1
AIS Lecture 1
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security control
 
AIS Implementation
AIS ImplementationAIS Implementation
AIS Implementation
 
Bsa 1286
Bsa 1286Bsa 1286
Bsa 1286
 
Microsoft Project
Microsoft ProjectMicrosoft Project
Microsoft Project
 
Accounting Information System
Accounting Information SystemAccounting Information System
Accounting Information System
 
Info System 2
Info System 2Info System 2
Info System 2
 
Info System
Info SystemInfo System
Info System
 
Cash Flow Statement - Finac 4
Cash Flow Statement - Finac 4Cash Flow Statement - Finac 4
Cash Flow Statement - Finac 4
 
Production Management - ABC Inventory
Production Management - ABC InventoryProduction Management - ABC Inventory
Production Management - ABC Inventory
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

CIS Audit Lecture # 1

  • 1. OVERVIEW OF IT AUDIT IT RISK AND CONTROLS IS AUDIT PROCESS
  • 2. Assurance engagement  An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. (Handbook of ISA; IFAC)
  • 3. Code of Professional Ethics ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the Association and/or its certification holders. Members and ISACA Certification holder’s shall: 1.Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
  • 4. Code of Professional Ethics 2.Perform their duties with due diligence and professional care, in accordance with professional standards and best practices. 3.Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
  • 5. Code of Professional Ethics 4.Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties. 5.Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.
Code of Professional Ethics

6.Inform appropriate parties of the results of work
   performed; revealing all significant facts known
   to them.
7.Support the professional education of
   stakeholders in enhancing their understanding of
   information systems security and control.
Failure to comply with this Code of Professional
   Ethics can result in an investigation into a
   member's or certification holder's conduct and,
   ultimately, in disciplinary measures.
Auditing

 An evaluation of an
   Organization
   System
   Process
   Project
   Product
 Performed by a party that is
   Competent
   Independent
   Objective
 Resulting in an issued report

Why do we plan?

 To improve effectiveness
   Enhance the chance of success
 To improve efficiency
   Achieve the best result with the least resources

What should we consider in planning an IS Audit?

 Risk
 Controls
 Technological updates
 Business needs
 Auditing techniques

How do we plan (Audit planning process)?

 Defining the needs/problem
 Gather relevant information
 Assess/enumerate the risks
 Analyze the risk
 Identify and review controls
 Set audit scope and objectives
 Develop strategy
 Assign resources
 Implement the plan
 Evaluate the plan

Risk

 The potential that a given threat will exploit the
  vulnerabilities of an asset or assets to cause loss
  or damage to those assets.

Risk Assessment

 Identifying business risks relevant to financial
  reporting objectives;
 Estimating the significance of the risks;
 Assessing the likelihood of their occurrence; and
 Deciding about actions to address those risks.
  (PSA 315, paragraph 15)

Internal control in a CIS Environment

 General CIS Control
 Application Control

General CIS Control

 Organization and management controls
 Development and maintenance controls
 Delivery and support controls
 Monitoring controls

Organization and management controls

 Strategic information technology plan.
 CIS policies and procedures.
 Clearly defined roles and responsibilities.
 Segregation of incompatible functions.
 Monitoring of IS activities performed by third-party
  consultants.
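How an IS auditor tests "segregation of incompatible functions" in practice: export the user-to-role assignments from the application and compare them against a matrix of role pairs that no single person may hold. The following is an added example written for this page, not part of the lecture; the role names, the conflicting pairs and the sample extract are assumptions constructed for illustration.

```python
"""Segregation-of-duties (SoD) conflict check over a user-role extract.

Added illustration for the "segregation of incompatible functions" control,
not material from the lecture. An auditor exports user-to-role assignments
from an application and tests them against a matrix of role pairs that one
person must not hold together. The role names, conflict pairs and sample
rows below are assumptions made for the example.
"""
from collections import defaultdict
from itertools import combinations

# Assumed SoD matrix: role pairs that give one person end-to-end control
# over a transaction (e.g. create a vendor and release payments to it).
CONFLICTING_ROLE_PAIRS = {
    frozenset({"vendor_maintain", "payment_release"}),
    frozenset({"purchase_order_create", "purchase_order_approve"}),
    frozenset({"journal_post", "journal_approve"}),
    frozenset({"user_admin", "payment_release"}),
}

# Constructed sample extract: (user_id, role) rows as an application would export them.
SAMPLE_ASSIGNMENTS = [
    ("u101", "vendor_maintain"),
    ("u101", "payment_release"),       # conflict: creates vendors and pays them
    ("u102", "purchase_order_create"),
    ("u102", "journal_post"),          # two roles, but not a conflicting pair
    ("u103", "journal_post"),
    ("u103", "journal_approve"),       # conflict: posts and approves own entries
    ("u103", "journal_post"),          # duplicate export row; must not double count
    ("u104", "user_admin"),
]


def roles_by_user(assignments):
    """Group the extract into {user_id: set(roles)}, tolerating duplicate rows."""
    roles = defaultdict(set)
    for user_id, role in assignments:
        roles[user_id].add(role)
    return roles


def find_sod_conflicts(assignments, conflict_pairs=CONFLICTING_ROLE_PAIRS):
    """Return sorted (user_id, role_a, role_b) tuples for every conflicting pair held.

    Every pair of roles a user holds is checked, so a user with three or more
    roles is tested against all combinations, not only adjacent ones.
    """
    findings = []
    for user_id, roles in roles_by_user(assignments).items():
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in conflict_pairs:
                findings.append((user_id, a, b))
    return sorted(findings)


if __name__ == "__main__":
    for user_id, a, b in find_sod_conflicts(SAMPLE_ASSIGNMENTS):
        print(f"{user_id}: holds both '{a}' and '{b}'")
```

The conflict matrix is the part that needs business input: the auditor agrees it with process owners before running the test, and each finding is then followed up for a compensating control (for example, independent review of payments released by a user who also maintains vendors) rather than reported as an exception on its own.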
Development and maintenance controls

 Project initiation, requirements definition, systems
  design, testing, data conversion, go-live decision,
  migration to the production environment,
  documentation of new or revised systems, and user
  training.
 Acquisition and implementation of off-the-shelf
  packages.
 Requests for changes to existing systems.
 Acquisition, implementation, and maintenance of
  system software.

Delivery and support controls

 Establishment of service level agreements against
  which CIS services are measured.
 Performance and capacity management controls.
 Event and problem management controls.
 Disaster recovery/contingency planning, training,
  and file backup.
 Computer operations controls.
 Systems security.
 Physical and environmental controls.

Monitoring controls

 Monitoring of key CIS performance indicators.
 Internal and external CIS audits.

Application Control

 Controls over input
 Controls over processing and computer data files
 Controls over output

Controls over input

 Transactions are properly validated and authorized
  before being processed by the computer.
 Transactions are accurately converted into machine
  readable form and recorded in the computer data
  files.
 Transactions are not lost, added, duplicated or
  improperly changed.
 Incorrect transactions are rejected, corrected and,
  if necessary, resubmitted on a timely basis.

Controls over processing and computer data files

 Transactions, including system generated
  transactions, are properly processed by the
  computer.
 Transactions are not lost, added, excluded,
  duplicated or improperly changed.
 Processing errors are identified and corrected on a
  timely basis.
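The input and processing control objectives above say what must hold (no transaction lost, added, duplicated or improperly changed) but not how it is achieved. One classic set of techniques is batch control totals: a record count, a financial total and a hash total taken at data capture, plus a sequence check, all recomputed after processing and reconciled. The following is an added example written for this page, not the lecture's material; the record layout, field names, approver list and the fault injected between input and processing are assumptions constructed for illustration.

```python
"""Batch control totals: detect lost, added, duplicated or altered transactions.

Added illustration of the input and processing controls listed above, not
material from the lecture. A batch of payment records arrives with a control
header recorded at the point of data capture; after conversion and
processing the same figures are recomputed and reconciled. The record
layout, field names, approver list and sample data are assumptions made for
the example.
"""
from decimal import Decimal

# Constructed sample batch as captured by the business unit: the header
# states what the batch should contain; detail lines are the transactions.
CAPTURED_HEADER = {
    "record_count": 4,
    "amount_total": Decimal("1250.00"),
    # Hash total: arithmetic sum of a non-financial field (account numbers).
    # It has no business meaning, but changes if any account is altered or swapped.
    "hash_total": 100 + 200 + 300 + 400,
    "sequence_start": 1,
    "sequence_end": 4,
}

CAPTURED_RECORDS = [
    {"seq": 1, "account": 100, "amount": Decimal("100.00"), "authorized_by": "mgr1"},
    {"seq": 2, "account": 200, "amount": Decimal("350.00"), "authorized_by": "mgr1"},
    {"seq": 3, "account": 300, "amount": Decimal("400.00"), "authorized_by": "mgr2"},
    {"seq": 4, "account": 400, "amount": Decimal("400.00"), "authorized_by": "mgr2"},
]

AUTHORIZED_APPROVERS = {"mgr1", "mgr2"}  # assumed authorization master list


def validate_record(rec):
    """Input edit checks (validation and authorization); returns a list of error strings."""
    errors = []
    if rec["amount"] <= 0:
        errors.append(f"seq {rec['seq']}: non-positive amount")
    if rec["authorized_by"] not in AUTHORIZED_APPROVERS:
        errors.append(f"seq {rec['seq']}: approver '{rec['authorized_by']}' not authorized")
    return errors


def reconcile_batch(header, records):
    """Recompute control totals over `records` and compare them with `header`.

    Returns a list of exception strings; an empty list means the batch
    reconciles (no records lost, added, duplicated or altered).
    """
    exceptions = []
    for rec in records:
        exceptions.extend(validate_record(rec))

    # Sequence check: every number in the batch range once, and nothing outside it.
    seqs = [r["seq"] for r in records]
    expected_seqs = set(range(header["sequence_start"], header["sequence_end"] + 1))
    missing = expected_seqs - set(seqs)
    duplicates = {s for s in seqs if seqs.count(s) > 1}
    extra = set(seqs) - expected_seqs
    if missing:
        exceptions.append(f"lost records: seq {sorted(missing)}")
    if duplicates:
        exceptions.append(f"duplicated records: seq {sorted(duplicates)}")
    if extra:
        exceptions.append(f"added records outside batch range: seq {sorted(extra)}")

    # Control totals: count, financial total and hash total, each compared to the header.
    checks = {
        "record_count": len(records),
        "amount_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["account"] for r in records),
    }
    for name, actual in checks.items():
        if actual != header[name]:
            exceptions.append(f"{name} mismatch: header {header[name]}, computed {actual}")
    return exceptions


def simulate_processing_fault(records):
    """Constructed fault for the demonstration: drop one record, duplicate another,
    alter one account. Stands in for what a failed job, an accidental re-run or an
    unauthorized change could do between input and output."""
    faulty = [dict(r) for r in records if r["seq"] != 3]   # record 3 lost
    faulty.append(dict(faulty[0]))                          # record 1 duplicated
    faulty[1]["account"] = 250                              # account altered on record 2
    return faulty


if __name__ == "__main__":
    print("clean batch:", reconcile_batch(CAPTURED_HEADER, CAPTURED_RECORDS) or "reconciles")
    for e in reconcile_batch(CAPTURED_HEADER, simulate_processing_fault(CAPTURED_RECORDS)):
        print("exception:", e)
```

The injected fault is chosen to show why several independent totals are used: one record is lost and another duplicated, so the record count still agrees with the header and a count-only control would pass the batch, while the sequence check, the amount total and the hash total each flag it. The hash total also catches the altered account number, which no financial total would detect.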
Controls over output

 Results of processing are accurate.
 Access to output is restricted to authorized
  personnel.
 Output is provided to appropriate authorized
  personnel on a timely basis.

How do we plan (Audit planning process)?

 Defining the needs/problem
 Gather relevant information
 Assess/enumerate the risks
 Analyze the risk
 Identify and review controls
 Set audit scope and objectives
 Develop strategy
 Assign resources
 Implement the plan
 Evaluate the plan

References

 PAPS 1008
 PSA 315
 ISACA Code of Professional Ethics

Editor's notes

  1. Audit planning process, in order: Defining the needs/problem; Gather relevant information; Assess/enumerate the risks; Analyze the risk; Identify and review controls; Set audit scope and objectives; Develop strategy; Assign resources.
  2. Check the impact and probability of the threat.
  3. Audit planning process, in order: Defining the needs/problem; Gather relevant information; Assess/enumerate the risks; Analyze the risk; Identify and review controls; Set audit scope and objectives; Develop strategy; Assign resources.