TUTORIAL 2: INTRODUCTION TO IT AUDITING By Ummu Hanisah Abd Rohaman
1. What is IT Governance?
IT Governance is the process for controlling an organization’s information technology resources, where these resources are defined to include information and communication systems, systems, and technology. technology. Control is a something that can be measure. IT resource divided into 3 a. Information i. is concerned with the development, management, and use of computer-based information systems. ii. information in context of technology: access control of card b. Communication system i. Infrastructure - line, fibre optic ii. Main devices iii. End user c. Technology i. Hardware ii. Software iii. Firmware - Is the combination of persistent memory and program code and data stored in it – software convert into hardware.
2. Give 2 objectives of IT Governance. i.
-
Set strategies for IT so that it is closely aligned with organizational goals The first part concerns the use of IT to promote an organization’s objectives and enable business process. To utilize IT resources and to maximize the IT to support our objectives.
-
To use IT for maximum opportunity but minimum risk. The second part involves managing and controlling IT-related risks.
-
ii.
3. Outline 3 Standards and guidelines IT auditors use in their work. The AICPA first issued : i.
GAAS (generally accepted auditing standards) - Categories of general, field work, and reporting standards, provide a framework for more specific guidance.
ii.
SAS (Statements on Auditing Standards) - Interpretations of GAAS with which a CPA must comply in financial statement audits of public companies
iii.
SSAE (Statements on Standards for Attestation Engagements) - Another set of AICPA audit standards
TUTORIAL 2: INTRODUCTION TO IT AUDITING By Ummu Hanisah Abd Rohaman
iv.
IFAC (The international Federation of Accountants) - Handbook of International IT Guidelines - To develop harmonized or common international accounting standards and guidelines to assist professionals in their work. - provides direction concerning IT areas such as security, management of IT, IT operations, monitoring, and implementation.
v.
IAASB (International Auditing and Assurance Standards Board) Issues two types of auditing pronouncements. - The International Standards on Auditing (ISAs) are to be used in financial statement audits - International Auditing Practise Statements (IAPSs) provide auditors with help in implementing the standards.
vi.
ISACA - Issues IT audit standards, guidelines, and procedures includes CobiT and audit standards