Information Technology Reference
In-Depth Information
conduct an audit effectively. A detailed review of the IS audit process is covered in
chapter 2.
c) IS audit standards - An IS auditor can be effective if his audit work is based on ac-
cepted best practice, such as making use of standards and guidelines. Organisations
such as ISACA and IIA have published various standards and guidelines for use by
IS auditors in executing their work. An IS auditor requires a good understanding of
IS audit standards and guidelines. A detailed review of IT audit standards is covered
in chapter 3.
d) IT risk - One of the components of the enterprise risk management framework is IT
risk. The IS auditor is required to understand the IT risk profile of the client and how
it has been implemented. A detailed review of IT risk is covered in chapter 6.
e) IT governance - The IS auditor is expected to understand the IT governance frame-
work and related standards and guidelines such as ISO 38500, ITIL, and COBIT.
The understanding of IT governance is important for an IS auditor as it enables the
auditor to be able to conduct an IT governance audit and assess how IT governance
influences IT management and operations.
f) Information security - Understanding of information security is key for an IS auditor
as most type of audits have a requirement to review security implementation and op-
erations. Most auditing training courses, including the most sought after CISA certi-
fication, has a security module.
g) Flair for technology - In order to be a successful IS auditor, one requires to have a
good flair for technology. An IS auditor cannot conduct a successful audit without
having a good understanding of technology. Technology is ever changing, and new
technologies are introduced on the market every time. An IS auditor cannot afford to
remain behind and not understand new technologies on the market.
h) Specialised training - In addition to general IS auditing skills, an auditor may chose
to specialise in various specialist areas, such as information security, IT risk, IT gov-
ernance, networking, firewalls, databases, and application systems.
The business education market has noticed the growing need for IS auditing skills such that
they have now introduced various degree courses at bachelor's and master's level. This is in
direct competition with professional bodies which have been offering certification courses
for many years, such as ISACA and the Institute of Internal Auditors (IIA).
All auditors need to have an understanding of IS auditing whether as a financial internal or
external auditor because of the wide use of IT systems in automating business processes.
Search WWH ::
Custom Search