background preloader

IT Audit

Facebook Twitter

CobiT: Helping to align IT with Business Strategy. Auditing and the SAP Environment. What is Audit? Advanced Auditing & Information Systems: Lecture #1 (5/29/14) Advance Auditing & Information Systems: Lecture #2 (6/5/2014) ISPA, IT audit process from DFI/03. Internal audit: Top ten IT audit findings and possible solutions. Information technology audit. An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

IT audits are also known as "automated data processing (ADP) audits" and "computer audits". They were formerly called "electronic data processing (EDP) audits". Purpose[edit] An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether an organization is adhering to standard accounting practices, the purposes of an IT audit are to evaluate the system's internal control design and effectiveness. Types of IT audits[edit] IT Audit process[edit] IT Audit: Information Technology (IT) Audit Management Software. MetricStream provides a comprehensive IT audit management solution for Information Technology (IT) audits and assessments.

The solution is part of MetricStream IT GRC Solution. By deploying the IT audit solution, organizations can streamline their IT audit and assessment processes, and enable multiple stakeholders to have visibility and control into these processes. The solution provides a single system of record for IT audits and assessments by integrating with various solutions that have already been implemented to automate the testing of controls. The solution can be used along with MetricStream IT Compliance Management Solution to audit compliance with popular frameworks and regulations such as COBIT, ISO 27002, NIST, ITIL,NERC, HIPAA, PCI, Basel II, FISMA, GLBA, SOX, and FFIEC. IT Audit Projects: IT audit projects can be scheduled periodically based on the annual audit plan, or triggered on an ad-hoc basis for specific processes, projects, or applications. IS Audit Basics. "Which KPIs are appropriate for Internal Audit?", 22MAY, 2014, Amsterdam_Nuno Castanheira by Nuno Castanheira on Prezi.

ANAO - Public Sector Internal Audit - Better Practice Guide. © Commonwealth of Australia, 2012 Except for the content in this document supplied by third parties, the Australian National Audit Office logo, the Commonwealth Coat of Arms, and any material protected by a trade mark, this document is licensed by the Australian National Audit Office for use under the terms of a Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 Australia licence.

To view a copy of this licence, visit You are free to copy and communicate the document in its current form for non-commercial purposes, as long as you attribute the document to the Australian National Audit Office and abide by the other licence terms. You may not alter or adapt the work in any way. Permission to use material for which the copyright is owned by a third party must be sought from the relevant copyright owner. For terms of use of the Commonwealth Coat of Arms, visit It's an Honour at. ANAO - Public Sector Internal Audit - Better Practice Guide. The key performance indicators (KPIs) used are of central importance because those features that are measured are the matters that tend to receive the highest priority. It is important, therefore, that the KPIs for internal audit be aligned with the entity's internal audit strategy and work plan, and help to drive the behaviour the entity expects from internal audit.

It is also important that performance is measured over time in order to identify trends, and that performance is measured against both qualitative and quantitative targets. Such targets should be challenging but realistic. While recognising that every organisation is different, the entity may benefit from formal or informal benchmarking of indicators and performance across other public sector entities. The most suitable KPIs will vary from entity to entity depending on their internal audit strategy and the role assigned to internal audit.

Example key performance indicators.

Process Mining

Big Data וביקורת פנימית: אתגר והזדמנות | טיוב בע"מ|יישום טכנולוגיות מידע|ניהול תהליכים עסקיים|ביקורת פנימית. Computer-aided audit tools. 'Computer-assisted audit techniques (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the audit profession. CAATs is the practice of using computers to automate the audit processes. CAATs normally includes using basic office productivity software such as spreadsheet, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools.

But also more dedicated specialized software are available (see below). CAATs have become synonymous with data analytics in the audit process. Traditional auditing vs CAATs[edit] Traditional audit example[edit] The traditional method of auditing allows auditors to build conclusions based upon a limited sample of a population, rather than an examination of all available or a large sample of data. CAATTs alternative[edit] CAATTs, not CAATs, addresses these problems. Traditional audit vs CAATTs on specific risks[edit] or Specialized software[edit] The Value of Big Data Analytics to the Business. Managing Big Data for Audit Compliance and Business Intelligence - Cloudera VISION.

The following was originally published by the Wall Street Technology Association in the most recent issue of the WSTA Ticker e-zine. Records and reporting requirements have long been a challenge for the financial services industry and are the original definition of the sector’s big data problem. The dual objectives of managing historical data to comply with federal requirements and being able to retrieve and query more data on an ad hoc basis can be both disruptive to the business and prohibitively expensive. The diversity of data makes reporting expensive due to the variety of workloads required—ETL, warehousing, reporting—while the structured query language (SQL), which is primarily used for business intelligence and analysis, is not an adequate tool for order linkage.

Build a Hadoop Active Archive By building an active archive with Hadoop, the data required for reporting becomes less disparate and requires less movement to staging and compute. Extend Value with a Data Hub. Business Intelligence in Audit: Business IS&T Journal Article. Abstract Since 2002, regulations have changed the landscape of internal audit as well as how many internal audit departments are viewed by senior management and the board, making it difficult for internal audit, especially small and medium departments, to maintain a role in the risk management process.

Many companies are beginning to realize the benefit of using business intelligence in the risk management process. By finding ways to get involved in those efforts, internal audit can again provide value and regain a seat at the risk management table. Article Preview Introduction According to the Institute of Internal Auditors (The IIA), the definition of internal auditing is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

Figure 1. Business process relationships Technology-Based Audit Techniques Internal auditors always strive to improve efficiency and effectiveness of business processes. Figure 2. Isaca_bi_march_2012. Default. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. Information Technology - Information Security – Information Assurance | ISACA. Internal Audit. Business Intelligence, QlikView, Tableau, solutions, best-practice, add-ons. Internal audit is the traditional business control instrument. With its holding, companies face a number of challenges, among them are opaque procedures, a large number of reports and the evaluation of their results in the complex.

The solution Business-Qlik for Audit allows you to simplify the internal audit, to maximize its effectiveness. Advantages of Business-Qlik for Audit Solution: complete picture of the data on controlled processes, and as a result - making correct and timely management decisions; quick answers - work in real time with all the information with easy detailing within one product, customer, day, wiring, etc.; reasoned argument - tested tools provide the evidence base for important decisions; single version of the truth excludes controversy associated with different interpretations of a variety of data; modern tools - will reduce the need for external audit and related costs; correct data - minimizes errors in the algorithms into the data warehouse.

Business Intelligence as Internal Audit Tool.