Tuesday, August 5, 2008

Importance of follow up IT Audit

A follow-up IT audit is very important, sometimes even more important than the main IT audit. Let us briefly discuss what a follow-up IT audit is and how it is useful.

What is follow up IT Audit?

It is an IT audit done after the main audit to review the steps taken by management in response to what was suggested or recommended in the main IT audit. The IT auditors check whether the critical/major findings raised in the main audit have been complied with:

1. Suitably

2. Adequately

3. As recommended or as per best practice.

Who does the follow up IT Audit?

It is not always necessary, but this is generally done by the same team of IT auditors that conducted the main IT audit.

What is the purpose of Follow up IT Audit?

1. It reviews whether management has taken suitable and adequate steps to comply with the necessary remarks that were not rectified during the main audit.

2. Whether all the necessary rectifications were made.

3. If recommended measures were not taken, then why?

4. What is the reason for pending compliance?

Should all the suggested remarks be rectified and complied with?

It depends on:

1. Management appetite for taking risk

2. Cost-benefit ratio

Should the IT auditor submit a report of the follow-up audit?

Yes, this should be as per ISACA standards and guidelines.

Thursday, July 24, 2008

How to Become a Successful IT Consultant





'How to Become a Successful IT Consultant' is a practical book for anyone considering setting themselves up as an IT consultant. It is essential reading for those contemplating such a career change. Today IT consulting has become a major opportunity for many IT professionals who want to work for themselves. It is no longer only the domain of the high-flying international organization. In fact tens of thousands of IT professionals are leaving their regular jobs to set up as IT consultants on their own. Although there are many consulting opportunities available it is quite a challenge to make a success of your own IT consulting business. There are a lot of things to think about and many decisions to be made. For those who get it right there is a very exciting and highly lucrative business career ahead. This book takes the IT professional through all the key issues which have to be understood and explains how to optimize your chances of developing a long-term IT consulting business of your own. This practical book explains what is involved in setting up your own business as an IT Consultant. It explains the opportunities involved and gives practical advice as to how to take advantage of them. The book looks at the full range of issues concerned with getting started and maintaining your business and gives practical guidelines about how to face the many challenges which you will encounter if you leave your job and set up on your own. Amongst the many issues involved this book specifically addresses: how to find clients; how to get more business and the opportunities areas available; how to price your services; the funding you will require; how to plan your consulting assignments

Wednesday, June 25, 2008

CISA: Certified Information Systems Auditor Study Guide




Building on the proven approach of other Sybex Study Guides, this book takes the exam Content Areas, and Tasks and Knowledge Areas, and breaks them down for the reader in a clear and concise manner. The book will cover:

The IS Audit Process.

Tuesday, June 10, 2008

Scope & Methodology of IT Audit

The scope of work at the organization's premises consists of the following:

Evaluation of the current IT infrastructure.

How might architecture be modified so that it adds more value to the organization?

Evaluate the processes by which systems and/or infrastructure are developed/acquired and tested to ensure that the deliverables meet the organization’s objectives.

Evaluate the IT procurement policies.

Evaluate the readiness of the system and/or infrastructure for implementation.

Perform reviews of systems and/or infrastructure to ensure that they meet the organization’s objectives and are subject to effective internal control.

Evaluate the process by which systems and/or infrastructure are maintained to ensure the continued support of the organization’s objectives and are subject to effective internal control.

Evaluate the process by which systems and/or infrastructure are disposed of to ensure that they comply with the organization’s policies and procedures.

Evaluate data administration practices to ensure the integrity and optimization of databases.

Evaluate the functionality of the IT infrastructure (e.g., network components, hardware, system software) to ensure that it supports the organization’s objectives.

Evaluate the design, implementation, and monitoring of physical access controls to ensure the confidentiality, integrity, availability and authorized use of information assets.

The methodology included a review of existing policies and procedures related to information technology, interviews with management and staff, and analysis of pertinent data and records. Tools used to audit the systems and networks include Open Audit and Dump ACL.

Monday, June 9, 2008

Background of the Organization for IT Audit


Control Authorities are responsible for determining the appropriate level of access to the systems and requesting authorization for their staff through the Information Department. The Information Department will clear authorization for access to specific modules and notify the Authorities for approval. These service requests are processed through e-mail or written notes by the Help Desk, which runs under the Information Department. If the request is for newly hired personnel, the Help Desk will set up a new network user ID based on the request.

User capabilities are granted individually, based on needs as determined by the Authorities, either by the administrator of the Information Department (the staff of this department are responsible for directing the design, analysis, creation, monitoring, administration, troubleshooting and enhancement of the personal computer network) or by an Authority (staff in the department which has responsibility for such action to be taken).

According to procedures, Authorities are also responsible for notifying the Information Department when an employee is terminated or transferred, so that the Information Department may cancel or modify that employee's authorizations in a timely manner.

All purchase requests are routed from the Information Department to the purchase department and are then forwarded to the authority for approval.

Thursday, June 5, 2008

Objective of an IT Audit

The audit objective is to determine whether the organization's current IT infrastructure is adequate in light of the latest IT developments, and to suggest to management ways of improving its vision of IT to improve given standards.

A system that is efficient, always available and secure may be developed to meet the needs of the organization.

The audit is scheduled to be performed with the support of the Information Department and management on the premises of the organization.