Tuesday, August 5, 2008

Importance of follow up IT Audit

A follow-up IT audit is very important, sometimes even more important than the main IT audit. Let us briefly discuss what a follow-up IT audit is and how it is useful.

What is follow up IT Audit?

A follow-up IT audit is an IT audit done after the main audit to review the steps taken by management on what was suggested/recommended in the main IT audit. The IT auditors check whether the critical/major findings raised in the main audit have been complied with:

1. Suitably

2. Adequately

3. As recommended or as per best practice

Who does the follow up IT Audit?

It is not always necessary, but the follow-up audit is generally done by the same team of IT auditors that conducted the main IT audit.

What is the purpose of Follow up IT Audit?

1. It reviews whether management has taken suitable and adequate steps to comply with the necessary remarks which were not rectified during the main audit.

2. Whether all the necessary rectifications were made.

3. If recommended measures were not taken, then why?

4. What is the reason for pending compliance?

Should all the suggested remarks be rectified and complied with?

It depends on:

1. Management's appetite for taking risk

2. Cost-benefit ratio

Should the IT auditor submit a report of the follow-up audit?

Yes, this should be as per ISACA standards and guidelines.

Thursday, July 24, 2008

How to Become a Successful IT Consultant





'How to Become a Successful IT Consultant' is a practical book for anyone considering setting themselves up as an IT consultant. It is essential reading for those contemplating such a career change. Today IT consulting has become a major opportunity for many IT professionals who want to work for themselves. It is no longer only the domain of the high-flying international organization. In fact, tens of thousands of IT professionals are leaving their regular jobs to set up as IT consultants on their own. Although there are many consulting opportunities available, it is quite a challenge to make a success of your own IT consulting business. There are a lot of things to think about and many decisions to be made. For those who get it right there is a very exciting and highly lucrative business career ahead. This book takes the IT professional through all the key issues which have to be understood and explains how to optimize your chances of developing a long-term IT consulting business of your own. This practical book explains what is involved in setting up your own business as an IT consultant. It explains the opportunities involved and gives practical advice as to how to take advantage of them. The book looks at the full range of issues concerned with getting started and maintaining your business and gives practical guidelines about how to face the many challenges which you will encounter if you leave your job and set up on your own. Amongst the many issues involved, this book specifically addresses: how to find clients; how to get more business and the opportunity areas available; how to price your services; the funding you will require; how to plan your consulting assignments.

Wednesday, June 25, 2008

CISA: Certified Information Systems Auditor Study Guide




Building on the proven approach of other Sybex Study Guides, this book takes the exam Content Areas, and Tasks and Knowledge Areas, and breaks them down for the reader in a clear and concise manner. The book will cover:

The IS Audit Process.

Tuesday, June 10, 2008

Scope & Methodology of IT Audit

The scope of work at the organization's premises consists of the following:

Evaluation of the current IT infrastructure.

How might architecture be modified so that it adds more value to the organization?

Evaluate the processes by which systems and/or infrastructure are developed/acquired and tested to ensure that the deliverables meet the organization’s objectives.

Evaluate the IT procurement policies.

Evaluate the readiness of the system and/or infrastructure for implementation.

Perform reviews of systems and/or infrastructure to ensure that they meet the organization’s objectives and are subject to effective internal control.

Evaluate the process by which systems and/or infrastructure are maintained to ensure the continued support of the organization’s objectives and are subject to effective internal control.

Evaluate the process by which systems and/or infrastructure are disposed of to ensure that they comply with the organization’s policies and procedures.

Evaluate data administration practices to ensure the integrity and optimization of databases.

Evaluate the functionality of the IT infrastructure (e.g., network components, hardware, system software) to ensure that it supports the organization’s objectives.

Evaluate the design, implementation, and monitoring of physical access controls to ensure the confidentiality, integrity, availability and authorized use of information assets.

The methodology included a review of existing policies and procedures related to information technology, interviews with management and staff, and analysis of pertinent data and records. Tools used to audit the systems and networks include Open Audit and Dump ACL.

Monday, June 9, 2008

Background of the Organization for IT Audit


Control Authorities are responsible for determining the appropriate level of access to the systems and requesting authorization for their staff through the Information Department. The Information Department will clear authorization for access to specific modules and notify the Authorities for approval. These service requests are processed through e-mail or written notes by the Help Desk, which runs under the Information Department. If the request is for a new hire, the Help Desk will set up a new network user ID based on the request.

User capabilities are granted individually, based on needs as determined by the Authorities, either by the administrator of the Information Department (the staff of this department are responsible for directing the design, analysis, creation, monitoring, administration, troubleshooting and enhancement of the personal computer network) or by an Authority (staff in the department which has responsibility for such action to be taken).

According to procedures, Authorities are also responsible for notifying the Information Department when an employee is terminated or transferred, so that the Information Department may cancel or modify the authorizations of the said employee in a timely manner.

All purchase requests are routed from the Information Department to the purchase department and then forwarded to the Authority for approval.

Thursday, June 5, 2008

Objective of an IT Audit

The audit objective is to determine whether the current IT infrastructure of the organization is adequate in light of the latest IT developments, and to suggest to management ways of improving its vision of IT in order to raise the given standards.

A system that is efficient, always available and secure may be developed to meet the needs of the organization.

The audit is scheduled to be performed with the support of the Information Department and management on the premises of the organization.

IT Audit in Pakistan

CISA Objectives

The objective of this program is to prepare an understanding of the scope and areas to be tested in the CISA exams, and to prepare the students for the exam.

Benefits

The CISA designation assures employers that the staff are able to apply state-of-the-art information systems and information technology audit, security and control practices and techniques. Many employers consider the achievement of the CISA designation a strong factor for employment and/or career advancement.

Contents of the Exam

The CISA exam covers those tasks that would routinely be performed by IS & IT auditors. Considering the exam contents, this program covers the following subjects:
· IS Audit Process
· IT Governance
· Systems and Infrastructure Lifecycle Management
· IT Service Delivery and Support
· Protection of Information Assets
· Business Continuity and Disaster Recovery

Participants Profile

This course is open to all graduates with basic auditing experience. Basic computer knowledge would be an added advantage. The ideal candidates would be auditors, chartered accountants, CA and ACMA students, IT security managers and administrators, database & network administrators, risk managers and IT project managers.

IT Audit

We conduct Information Technology audits which focus on physical controls, inventory controls, environmental controls, access security and recovery planning for any organization's Information Technology system.

The major emphasis of the audit is to look at the strength of the IT infrastructure and to find the gaps, so that standards can be improved to meet future requirements.

Audit objectives are to ensure IT acquisitions comply with the policies and standards of the central control departments and the Information Department, and to promote the advancement of the departmental strategic directions for information technology.