Welcome
STEP BY STEP APPROACH TOWARDS INFORMATION SYSTEMS (IS) AUDIT
Presentation by CA M.R. (Abhay) Mate (B.Com, F.C.A., DISA-ICAI)
Partner, Chobe & Mate Associates - Chartered Accountants, 2, Phadke Sankul, Near Pune Vidyarthi Griha, Sadashiv Peth, Pune 411 030
Phone 2447 8627, 2445 4721, 98223 51901; e-mail - [email protected]
Courtesy - Mr. Sunil Kulkarni, CISA
Different Kinds of Audits
• Participative audit in software development(SDLC audit)
• Software product audit
• Quality audit (Capability Maturity Model/ISO)
• Information Systems Audit
Reality For Users is: every day is a Bad Day due to IT Problems
• Why IS Audit?
Need for Information Systems Auditing
• Organizational costs of data loss
• Costs of incorrect decision making
• Costs of computer abuse
• Value of H/W, S/W, personnel
• High costs of computer error
• Maintenance of privacy
Control & Audit of Computer based Information Systems
Objectives of Information Systems Audit (Information Systems Auditing across the Organisation)
• Safeguarding of assets
• Data Integrity
• System Effectiveness
• System Efficiency
Current State of Organization
Source: Open Compliance & Ethics Group
Business - IT Scenario
People find process workarounds.
IT - Present Scenario
People, Process and Technology together deliver the IT Service.
“80% of unplanned downtime is due to people and process” (source: Gartner Group)
Service Management for IT services
• Financial Management
• Capacity Management
• Availability Management
• IT Service Continuity Management
• Service Level Management
• Release Management
• Incident Management
• Problem Management
• Change Management
• Configuration Management
IT Infrastructure
Obstacles Prevent Effective Engagement
IT Seen as Black Box:
• Business lacks visibility
• Poor customer satisfaction
Overwhelming Demand:
• Unstructured capture of requests and ideas
• No formal process for prioritization and trade-offs
• Reactive vs. proactive
Disparate Systems Reduce Efficiency
• No single system of record for decision making
• Relevant metrics hard to obtain
• Disparate systems costly to maintain and upgrade
IT Governance Landscape
IT - Overview
• Customer Site 1, Customer Site 2, Customer Site 3
• First-line Support: Centralized Service Desk
• Second-line Support: Centralized Desktop Support, Network Support, Application Support, Systems & Operations Support, Third Party Support
Gartner Group Maturity Model
Maturity stages: Fire Fighting, Reactive, Proactive, Service, Value
Why to Audit?
To Measure – Business Value
Why Measure? – Purpose of reports
The Four reasons for measurements (Your Measurement Framework):
• To Validate – Strategy, Vision
• To Direct – Targets and Metrics
• To Justify – Factual Evidence
• To Intervene – Changes, Corrective Action
IT Performance
© Crown copyright 2007. Reproduced under license from OGC.
Awareness aspects for the Board
Part A: IT Environment Risks:
• Regulatory Risks
• Strategic Risks
• Organisation Risks
• Location Risks
• Outsourcing Risks
How to mitigate the risks?
Awareness aspects for the Board
Part B: IT Operations Risks:
• Error Risk
• Fraud Risk
• Disclosure Risk
• Interruption Risk
How to mitigate the risks?
Awareness aspects for the Branch Level Implementation
Audit & Training Aspects
• Environmental Aspects
• Organizational Facts
• Personnel And Training Matters
• Systems Security Characteristics
• Configuration Management
• Branch Parameter Verification & Controls
• Disaster Management / Continuity Of Operations
• Checking Methods Of Branch
• Data Consistency Checks
• Controls over Income Seepage
• Physical Access
• Logical Access
• Connectivity Issues
• ATM operations
• Availability & Adherence of IT Procedural Guidelines
• Aspects Pertaining To Central Office
ATM Operations
• ATM On Site / Offsite / On Line / Off Line?
• Guidelines received from Head Office about ATM Operations
• ATM Security Aspects
• ATM Card Maintenance
• ATM Card Pinning Process
• ATM registers to be maintained
• ATM Report Generation, Authentication
THANK YOU
Chobe & Mate Associates
Chartered Accountants
1785, Sadashiv Peth, Phadake Sankul, Khajina Vihir Chowk
Near Pune Vidyarthi Gruha, Pune 411 030
Phone 020-24454721 / 24478627
Mobile CA Abhay Mate 98223 51901