Information Technology Reference
In-Depth Information
Specialised Information Systems Auditing
Introduction
Specialised IS audits are performed to support other types of audits, such as IT general con-
trols or application system controls audits covered in chapters 10 and 11. A typical example
would be an Oracle database audit. We are referring to such audits as specialised because
they require a special approach and skills which are beyond a non-specialised IS auditor.
Oracle database audits would be conducted by other experts according to 1204.1 ISACA IT
audit standard. The 1204.1 (using other experts) standard requires IS auditors to use other
experts where they do not have the necessary skills and competencies to conduct the audit.
For example, if the IS audit team does not have oracle database skills, they may not be able
to carry out the audit which will meet the requirements and standard expected and achieve
the agreed engagement objectives.
In this topic, we have categorised all audits other than IT general controls audits and ap-
plication controls audits as specialised audits. Of course, one might be tempted to say that
application systems audits can be called specialised audits because they require working
knowledge of the application system. Such audits may be called specialised audits if they
do not take a general approach but also require the use of technical knowledge and skills in
that particular application system. For purposes of differentiating between the three types of
audits, we will look at specialised audits as a different type of audit which requires technic-
al understanding of an application system. Examples would be ERP systems such as SAP,
Oracle, or Sun Business System.
In this chapter, we will review a number of audits which fall under the description of spe-
cialised audits. Our focus will be to review key areas which should address audit objectives
of specialised audits.
Types of Specialised IS Audits
We will review IS audits which we are calling specialised audits so that the IS auditor can
have a good picture of how these audits are performed. There are various objectives of per-
forming specialised audits, and many depend on the client's requirements and operational
demands.
Information Security Auditing
Search WWH ::
Custom Search