Information Technology Reference
In-Depth Information
Compliance Audit
One of the common audits which are regularly performed by IS auditors are compliance
audits. These audits normally evaluate the organisation's compliance with IT policies, pro-
cedures, regulations, and legislation. IT policies and procedures are a creation of the en-
terprises whilst regulations and legislation would be enacted by governments or other au-
thorities. Compliance audits add value to the enterprise as they ensure good standing in the
market and community they operate in. Compliance audits also assist in mitigating risks
which the enterprise might be facing.
Specialised Audits
Specialised audits are audits which require specialised skills and normally go beyond the
requirements or scope of the IT general controls audit. Examples of specialised audits
would include auditing firewalls, databases, cloud hosting infrastructure, real-time security
systems, proprietary application systems, and use of audit software to perform substantive
analysis such as CAATs. We have used the term 'specialised audit' in order to distinguish
this type of audit from other audits which do not require specialised skills, such as the IT
general controls audit. This topic will be reviewed in more detail in chapter 12.
IS Auditing Skills
After considering the various types of IS audits which are at the disposal of the IS auditor,
it is important to also look at the skills required to be a good and effective IS auditor.
In order to be an effective IS auditor, one requires a combination of a number of skills. In
many cases, specialist skills are required to perform specialist audits, such as auditing a de-
militarised zone (DMZ) for a global online retailer such as Amazon.
Most employers looking for SAP IS auditors would insist that job applicants, apart from
being CISA-certified, should also be certified in SAP, which is a fair requirement and ap-
plies to most application systems. IS auditors need to receive specialist training in the sys-
tem they are auditing in addition to general IS auditing skills.
Listed below are some of the skills required for an IS auditor to be able to perform his job
effectively.
a) Project management - An IS auditor should have good project management skills to
be able to plan and execute his IS audit projects effectively and successfully.
b) IS audit process - The IS audit process is about how to conduct an IS audit from
planning to reporting. This is a general skill required for the IS auditor to be able to
Search WWH ::
Custom Search