|
Introduction
Effective management of information and technology
is vital to the survival and success of any organisation.
Information travels without constrains of time, speed
and distance. Our dependence on information and the
systems that deliver them is increasing day by day.
With the introduction of computers, a new dimension
has been added, namely technology risks. Adequate security
structure, systems and processes should exist for successful
IT governance of any enterprise.
Why Information System Audit (ISA)?
We as professionals, with our background in accounting
and audit, are better equipped to carry out information
system audit. ISA is not a substitute to financial audit.
But ISA supports it as the data is captured in information
systems. The expertise required for conducting an ISA
is much more and we should equip ourselves with adequate
and relevant knowledge.
The information systems have moved beyond being just
accounting packages and are now used to cover the entire
range of business operations. They also provide information
that can assist the organisation in planning, controlling
and decision-making. The challenge for the auditor is
to ensure that the information is relevant, accurate
and complete.
Information System audit is done around, with and through
the system. The IS auditor uses the computer to get
into the system itself and checks whether a good system
of controls is built around automated processes and
operates as per the organisation's approved plans.
Information System audit covers the following critical
areas:
- IT Infrastructure (physical facilities / Hardware
etc.)
- Operating systems
- Application software including Database
- Security policies and controls including Disaster
Recovery
- Outsourcing operations
- Systems Development & Change management controls
Before starting an IS Audit, the following information
should be obtained:
- Information on existing Information Systems and
Applications (Technology Summary)
- Organisational structure
- Overview of business process
The challenges faced in any IS audit can be attributed
to the following factors:
- Lack of visible audit trails
- Increasing role of programmed controls
- Inadequate segregation of duties
- IS integrity and confidentiality
- Hacking
There are several facilities available for IS Auditors
in the system itself in addition to independent audit
software. These topics will be discussed in detail later.
Professional education gives an overview, but practical
understanding is essential for an objective IS audit.
With this background we propose to give content relevant
to specific environment and industry.
To start with, we will take up the banking industry,
where IT drives the business process. Internal audit
in a bank supports and helps in statutory audit. System
audit is a prerequisite for financial audit in banks.
ATMs, Internet and mobile banking are some of the areas
where security is a serious concern.
The banking industry is now going the IT way, especially
after the CVC directive to computerise the entire operations.
Many in our profession are involved in auditing of banks
and we might lose out if we do not equip ourselves with
the knowledge to meet new challenges in the ever-changing
banking environment. Chartered Accountants too will
have to gear up to the IT wave. This precisely is the
reason for commencement of ISA course.
• Overview
of banking processes ...
read more
• IS
Audit of banks ... read more
• Controls
in the Information System environment ...
read more
|
