IAA - 06 Information System Auditing, Controls, Risk - Coggle Diagram
IAA - 06
Information System Auditing
Definition
Information Systems
A collection of interconnected components that work together
to collect, store, process & transmit data and information.
Audit
A formal examination of IS
to determine
IS are in compliance with applicable laws,
regulations, contracts or/and industry guidelines.
IS data & information have appropriate levels of
confidentiality, integrity and availability.
IS operations are being accomplished efficiently and
effectiveness targets are being met.
Challenges
Competence
Skill & knowledge necessity
On-going training
Need of specialized auditors.
Tools & methodology
Planning
Short Term
Long Term
Steps
Audit Subject
Object
Scope
Pre-audit planning
Audit locations
Communication Plan
Technical Skills
Audit Procedures
Individuals to interview.
Obtain policies and procedures
Evaluation
Test Criteria
Confirm Accuracy
Report preparation
Considerations
Risk Assessments
Technology Changes
New Implementations
Understand
Technologies
Regulations
Business Processes
Auditor
Ensure
Regulatory requirements
Responsibilities are assigned to
individual entities.
Supporting financial, operational & technical IT
audit functions are in place.
Determine
Level of compliance.
Capture and preservation of data required.
Adherence to procedures.
Ensure external contracts address regulatory issues.
Identify
Risk
Vulnerabilities
Business processes and underlying systems
Probability of occurrence
Magnitude of impact
Recognize
Business risk
Technical risk
Relevant Controls
Wording
Standards
Must be followed.
Guidelines
Assistance on how to implement
Tools & Techniques
Examples for implementing standards
IS Controls
Undesired Events
Prevented
Detected
Corrected
Types
Compliance
Financial
Operational
Integrated
Financial + Operational
Administrative
IS Audits
Specialized
SSAE16
Type 1
Type 2
Forensic
Controls
Objectives
Effectiveness
Efficiency
Confidentiality
Integrity
Availability
Compliance
Reliability
Preventive
Detective
Corrective
Risk
Mitigating Controls
Prevent / reduce likelihood of occurrence.
Detect occurrence
Minimize Impact
Transfer the risk
Definition
The combination of the probability of an event
and its consequence.
Assessment
Based on
Industry standards in risk management
Purpose and nature of the business
Reliance on technology to support the business
How IT risk will impact business risk.