Information Technology Reference
In-Depth Information
data transfers between databases, and account mapping. In this case, the other experts are
required to have good competencies in Oracle database design and administration in addition
to general IS auditing qualifications and experience. The IS audit team will determine
what type of assistance they need on the audit engagement from the other experts.
The required skills from the other experts might include professional qualifications or
certifications in the area of assignment. It is recommended that the other experts also have
specific competencies and experience in the area of assignment. Competencies and experience
refer to having previous experience in similar work and environment.
If the other experts are required to review Cisco firewalls, they should have
appropriate competencies in Cisco firewalls. Depending on the type
of work to be carried out, the experts should also have appropriate experience, such as two
or three years' experience working in the area under review plus general information
systems auditing experience. The IS audit team should also ensure that the other experts have
appropriate resources to conduct the audit, such as software tools and audit templates, and are
using approved audit standards and guidelines.
In order to carry out an effective IS audit, the audit team should also ensure that the other
experts are independent of the enterprise or department being audited and of the audit team.
This will allow them to make independent and impartial recommendations to the audit
team. Independence will also give the audit team and the client the required confidence in
the opinion provided by the experts.
A key requirement when engaging other experts is the need to ensure that quality control and
compliance processes are observed prior to the engagement taking place. These include the
experts signing confidentiality agreements, which would compel them not to disclose the
client's confidential information. The other requirement would be for the other experts to sign
a conflict of interest statement, which would confirm that they have no specific interest in
the enterprise or department being audited. The statement should be prepared in a
professional manner so that it is clear to both the client and any other parties who might request
access to the statement.
Understanding the Client's Business and IT Environment
Understanding the client's business and IT environment is an important requirement at the
planning stage. The two have been deliberately separated so that we can have a detailed
review of the subject areas. It has been observed that many IS auditors pay little attention
to details presented at the planning stage either because they feel that they already know
most of the information or because they are performing a second or third audit for the same
enterprise. A good understanding of the client's environment will enable the IS auditor to