CA Dhiraj Khandelwal's Blog
Thursday, 15 October 2015
Information System Audit - As a Professional Opportunity
Opportunities in IT Audits
How to find an IT Audit?
Opportunity arises where need subsists!
The following are the bases that create a requirement for an IT audit:
- Technological innovation process audit. This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product.
- Innovative comparison audit. This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of the company's research and development facilities, as well as its track record in actually producing new products.
- Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".
- Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
- Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
- Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
- Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
- Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
A number of IT audit professionals from the Information Assurance realm consider there to be three fundamental types of controls regardless of the type of audit to be performed, especially in the IT realm. Many frameworks and standards try to break controls into different disciplines or arenas, terming them "Security Controls", "Access Controls", or "IA Controls" in an effort to define the types of controls involved. At a more fundamental level, these controls can be shown to consist of three types: Protective/Preventative Controls, Detective Controls and Reactive/Corrective Controls.
For an information system (IS), there are two types of auditors and audits: internal and external. IS auditing is usually a part of accounting internal auditing, and is frequently performed by corporate internal auditors. An external auditor reviews the findings of the internal audit as well as the inputs, processing and outputs of information systems. The external audit of information systems is frequently a part of the overall external auditing performed by a Certified Public Accountant (CPA) firm.
IS auditing considers all the potential hazards and controls in information systems. It focuses on issues like operations, data, integrity, software applications, security, privacy, budgets and expenditures, cost control, and productivity. Guidelines are available to assist auditors in their jobs, such as those from the Information Systems Audit and Control Association.