<?xml version="1.0" encoding="utf-8"?>
<!-- generator="FeedCreator 1.7.2" -->
<rss version="2.0">
    <channel>
        <title>Lowyat.NET: Latest topics by konichiwawa</title>
        <description></description>
        <link>http://forum.lowyat.net/</link>
        <lastBuildDate>Mon, 13 Jul 2026 01:32:59 +0800</lastBuildDate>
        <generator>FeedCreator 1.7.2</generator>
        <item>
            <title>IT Audit</title>
            <link>http://forum.lowyat.net/topic/1027728</link>
            <description>Recently, I had a couple of friends asking me to explain about IT Audit as I am currently working in this line. Therefore, I thought I&amp;#39;d share some of my views as well as some which I found online with the people here.&lt;br /&gt;&lt;br /&gt;&lt;u&gt;Background&lt;/u&gt;&lt;br /&gt;&lt;br /&gt;IT audit involves reviewing all the organisation&amp;#39;s IT business processes and data that are integrated with the organisation&amp;#39;s financial system. The review covers review of controls and compliance with the organisation&amp;#39;s pre-set policies and procedures. IT audits are generally well planned procedures that focus on high-risk areas within the organisation that can be determined by the AGO, the audit committee, the board of directors or even the financial auditors of the organisation.&lt;br /&gt;&lt;br /&gt;The objective of an IT audit could, for example, include&lt;br /&gt;- a systems implementation project that has exceeded its budgetted time and cost&lt;br /&gt;- a revenue generating system (ie. telecommunications billing system) that has wrongly reported the monthly revenue for financial reporting&lt;br /&gt;- a financial system that is deemed critical in churning out the organisation&amp;#39;s yearly financial reports&lt;br /&gt;- compliance with international or even local legislation such as Sarbanes-Oxley Act or BURSA requirements&lt;br /&gt;&lt;br /&gt;In general, IT audits help organisations monitor how the IT systems and controls supports their main business functions while validating the reliability, security, integrity and privacy of the IT systems. IT audits can also help organisations implement control structure processes such as Control Objectives for Information and Related Technology (COBIT), the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Internal Organization for Standardization (ISO) standards 27001, 27002, 17799, and their amendments.&lt;br /&gt;&lt;br /&gt;&lt;u&gt;Process&lt;/u&gt;&lt;br /&gt;&lt;br /&gt;IT audits focus on controls to prevent, detect, and correct any erroneous, abnormal, or illegal transaction from occurring. The typical IT audit cycle consists of the following steps:&lt;br /&gt;- define the risks&lt;br /&gt;- define the control objectives to mitigate the risks&lt;br /&gt;- define the scope of work to meet the control objectives&lt;br /&gt;- perform a walkthrough or review organisation&amp;#39;s policies and procedures to understand the procedures in place &lt;br /&gt;- perform a test of 1 to ensure understanding of the procedures is in compliance to current practice&lt;br /&gt;- perform sampled testing to ensure procedures are performing effectively throughout audit period&lt;br /&gt;- evaluate control weaknesses as a result of testings performed&lt;br /&gt;- highlight control weaknesses and recommendations to the organisation&lt;br /&gt;&lt;br /&gt;After all fieldwork is performed, the IT auditor submits a final report that includes auditee responses (includes corrective actions taken or planned) for each of the control weaknesses noted. A follow-up audit which will happen later will be performed to ensure that corrective actions were carried out as per management responses and risks identified earlier have been minimised or mitigated.&lt;br /&gt;&lt;br /&gt;&lt;u&gt;IT Auditors&lt;/u&gt;&lt;br /&gt;&lt;br /&gt;The IT auditor is also critical component in the financial auditing process and as such should be certified, whether as a CPA, Certified Information Systems Auditor (CISA) or Certificated Information Security Manager (CISM). Both certifications are issued by the Information Systems Audit and Control Association (ISACA). Other certifications that can be considered by IT auditors are Certified Internal Auditor (CIA), issued by the Institute of Internal Auditors (IIA), or Certified Information Systems Security Professional (CISSP), issued by the International Information Systems Security Certification Consortium (ISC)2.&lt;br /&gt;&lt;br /&gt;IT auditors are found in most major companies as part of the Corporate Audit department. In addition, the Big4 audit firms (PwC, EY, KPMG and DTT) also offer IT audit services to assist their financial auditors as well as direct to other organisations. There does not seem to be any fixed requirements to be an IT auditor, however familiarity with IT systems and financial statements would be beneficial. In addition, IT auditors should have decent oral and written communication skills as they will be dealing with various types of clients from the groundwork staff (walkthroughs and IT systems understanding) to upper management (reports discussion and presentations). &lt;br /&gt;&lt;br /&gt;I&amp;#39;m not sure if this will help anybody but just wanted to share my thoughts and views on this. However if there are anyone else in this industry that would like to correct me or add on, please do. I appreciate the feedback. Do PM me if you need any clarification.</description>
            <author>konichiwawa</author>
            <category>Jobs &amp;amp; Careers</category>
            <pubDate>Tue, 12 May 2009 15:05:15 +0800</pubDate>
        </item>
    </channel>
</rss>
