SlideShare a Scribd company logo

WHAT IS THE INFORMATION SYSTEM AUDIT.pdf

A
AxelKAPITA1

The document discusses the information system audit, which aims to evaluate the quality, effectiveness, and efficiency of a company's information systems. It does this through examining procedures, processes, technologies, data, and personnel to identify risks. The goals are to increase accountability, ensure best practices, understand system usage, assess strengths and weaknesses, and ensure reliability of financial reporting. It provides classifications of audits and outlines the required skills, areas, approaches, standards, concepts, tools, technologies, and documents involved in performing an information systems audit.

Leadership & Management
1 of 15
Download to read offline
1
2
3
Most read
4
5
6
7
Most read
8
9
10
Most read
11
12
13
14
15
WHAT IS THE INFORMATION SYSTEM AUDIT? Axel KAPITA TSHISUYI Information System Auditor|Project Management|E-governance|Business Analytics|Leadership|Web Development| Author 2/16/2023 1
DEFINITIONS The Information Systems Audit is a management activity that aims to control the quality, effectiveness, and efficiency in the execution of the constituent elements of a company's Information System (Data, software, processes, IT infrastructures, project management, finances, Human resources, tools and many more ) in the objective of highlighting its SWOT (Strength, Weaknesses, Opportunities, and Threats) in order to formulate recommendations followed by actions-plan and a behavior change policy. 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 2
INFORMATION SYSTEM AUDIT PURPOSES Generally, carrying out an information systems audit enables best dealing with current problems, or even to anticipate them. This involves examining all the parties and all the resources that come into play in its operation, in particular, it concerns essentially procedures, processes, technologies, data, and personnel in order to detect the risks that the company, through its system information, may not be able to achieve its strategic objectives. Specifically, the followings:: 1. Increase accountability of stakeholders and shareholders; 2. Use of high-level good practice; 3. Understanding of the use made of all parts of the information system; 4. Assessment of strengths and weaknesses in order to support the business. 5. Assess the strategic and qualitative aspects of the information system; 6. An assurance of the reliability, sincerity, and fidelity of the financial statements; 7. Assess the Internal Control if it exists. 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 3
BENEFICIARIES 1. The Information Systems Department in the order to assess its effectiveness and performance; 2. The Finance Department in order to assess the resources involved and see the reliability, fidelity, and regularity of the financial statements; 3. General Manager to get a clear insight into the activity of each department; 4. Shareholders/stakeholders to get a clear insight into their investments and the enterprise’s health; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 4
CLASSIFICATIONS We can classify different types of audits according to the followings: (i) their internal/external characteristics to the audited structure; (ii) according to their specificities (finances, information system security, project, supply, stocks, purchases, studies, production, taxes, and application compliances); (iii) in terms of legal obligations (legal audit and contractual audit). 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 5
SKILLS REQUIRED 1. Effective communication; 2. Time management; 3. Analysis and critical-mind; 4. Solving Problem Methods; 5. Data Analysis; 6. Information systems; 7. Finances and accounting; 8. Risks management; 9. Overall understanding of sector area, 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 6
FIELDS AREAS 1. Finances and accountings; 2. IT Networking, 3. Cyber security 4. Data Management; 5. Software; 6. Business Processes; 7. Human Resources; 8. Project Management; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 7
APPROACHES An audit approach is defined as a strategy, method, or technique used by an auditor to carry out his mission. Thus, generally we have the following: 1. Audit by an exhaustive approach (Full-audit); 2. Audit by analyzing Internal Control; 3. Audit by risk approach 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 8
EXECUTION PROCESS 1. Methodology definition; 2. Planning; 3. Work-Team designing; 4. Entity Understanding; 5. Risk assessment and analysis; 6. Investigations; 7. Reporting; 8. Recommendations following-up, 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 9
GENERAL STANDARDS USED 1. COBIT for the information systems governance and any other one; 2. ITIL for IT services provision and any other one; 3. ISO 9001 for quality management; 4. ISO 27001 for information system security; 5. CMMI for software projects management and any other one; 6. PMPI for project management; 7. ISA for general audit and accounting; 8. COSO for Internal Control; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 10
ESSENTIAL CONCEPTS TO KNOW IN INFORMATION SYSTEMS AUDIT 1. Information system assets 2. Evidence 3. Threat 4. Vulnerability 5. Impact 6. Audit trail, 7. Reliable Audit Trail 8. Framework 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 11
TOOLS AND METHODS 1. Gap Analysis; 2. Lean Six Sigma for quality; 3. Total Quality Management; 4. Reengineering Process for process Assessment; 5. PDCA; 6. Getting Things Done; 7. Who, What, Where, How, How much,Why? 5 whys 8. Brainstorming; 9. Ishikawa Diagram; 10. Mind Mapping; 11. Scoring board, SMART, RACI, Causes-effect diagram; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 12
TECHNOLOGIES USED 1. Advanced Microsoft Excel; 2. Tableau Software; 3. Python programming; 4. SQL. 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 13
DOCUMENTS FOR CONSULTATION 1. Business Impact Analysis; 2. Internal regulations and standards; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 14
THANKS YOU FOR READING Contacts : Links:  https://www.linkedin.com/in/axel-kapita-1125a832/ https://www.amazon.fr/dp/B096TTDLMJ https://public.tableau.com/app/profile/kapita.tshisuyi E-mail: axelkapita@proton.me 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 15

More Related Content

PDF
Vulnerability Management
asherad
 
PPTX
NESA on Steroids
PaladionNetworks01
 
PDF
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
PDF
Application Security - Your Success Depends on it
WSO2
 
PPT
Information security-management-system
intellisenseit
 
PPTX
Shubham IT Project on cyber security & awareness
maheshmarch2025
 
PDF
Insecure direct object reference (null delhi meet)
Abhinav Mishra
 
PPT
Security and personnel bp11521
Merlin Florrence
 
Vulnerability Management
asherad
 
NESA on Steroids
PaladionNetworks01
 
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
Application Security - Your Success Depends on it
WSO2
 
Information security-management-system
intellisenseit
 
Shubham IT Project on cyber security & awareness
maheshmarch2025
 
Insecure direct object reference (null delhi meet)
Abhinav Mishra
 
Security and personnel bp11521
Merlin Florrence
 

What's hot (20)

PDF
Designing Virtual Network Security Architectures
Priyanka Aash
 
PDF
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
PPT
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
PDF
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
PPT
Secure code practices
Hina Rawal
 
PPTX
Information security management system
Arani Srinivasan
 
PPT
A Brief Introduction in SQL Injection
Sina Manavi
 
PPTX
Security testing
Khizra Sammad
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
PDF
A to Z of Information Security Management
Mark Conway
 
PDF
Physical Security Presentation
Wajahat Rajab
 
PPTX
ISMS Awareness Training (2) (1).pptx
vasidharta
 
PDF
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
PDF
Cloud Security - Security Aspects of Cloud Computing
Jim Geovedi
 
PDF
Information Security Awareness
Ali Hassan Ba-Issa
 
PDF
Security architecture
Duncan Unwin
 
PPTX
Identity and Access Management Introduction
Aidy Tificate
 
PDF
Network Architecture Review Checklist
Eberly Wilson
 
PDF
Cybersecurity Basics - Aravindr.com
Aravind R
 
Designing Virtual Network Security Architectures
Priyanka Aash
 
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Secure code practices
Hina Rawal
 
Information security management system
Arani Srinivasan
 
A Brief Introduction in SQL Injection
Sina Manavi
 
Security testing
Khizra Sammad
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
A to Z of Information Security Management
Mark Conway
 
Physical Security Presentation
Wajahat Rajab
 
ISMS Awareness Training (2) (1).pptx
vasidharta
 
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
Cloud Security - Security Aspects of Cloud Computing
Jim Geovedi
 
Information Security Awareness
Ali Hassan Ba-Issa
 
Security architecture
Duncan Unwin
 
Identity and Access Management Introduction
Aidy Tificate
 
Network Architecture Review Checklist
Eberly Wilson
 
Cybersecurity Basics - Aravindr.com
Aravind R
 
Ad

Similar to WHAT IS THE INFORMATION SYSTEM AUDIT.pdf (20)

DOCX
Audit system
maureaguirre
 
DOCX
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
LynellBull52
 
DOCX
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
joellemurphey
 
PPT
Itrisksisaudit1
PrabhatSingh316896
 
PPT
Auditing concept
Ganesh Sharma
 
DOCX
Task 2
BIBEKCHAUDHARYBScHon
 
DOCX
Audit system
maureaguirre
 
PPSX
Does audit make us more secure
EnterpriseGRC Solutions, Inc.
 
PPT
Compliance audit
Emma Yaks
 
PPT
008.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
PDF
Grc and is audit
BIBEKCHAUDHARYBScHon
 
PPTX
Tugas mandiri audit novita dewi 11353202277
novita dewi
 
PPTX
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
Muhammad Azmy
 
PPT
James hall ch 15
David Julian
 
PDF
Solution Manual for Accounting Information Systems, 10th Edition
pikkdanuu
 
PDF
Auditing information systems
Kenya Allmond
 
PDF
auditpresentation-121006061658-phpapp02.pdf
owaissayyed0041
 
PPTX
A r das & associates
Tapas Bhattacharya
 
PPTX
Information system audit
Jayant Dalvi
 
PPTX
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
 
Audit system
maureaguirre
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
LynellBull52
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
joellemurphey
 
Itrisksisaudit1
PrabhatSingh316896
 
Auditing concept
Ganesh Sharma
 
Task 2
BIBEKCHAUDHARYBScHon
 
Audit system
maureaguirre
 
Does audit make us more secure
EnterpriseGRC Solutions, Inc.
 
Compliance audit
Emma Yaks
 
008.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
Grc and is audit
BIBEKCHAUDHARYBScHon
 
Tugas mandiri audit novita dewi 11353202277
novita dewi
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
Muhammad Azmy
 
James hall ch 15
David Julian
 
Solution Manual for Accounting Information Systems, 10th Edition
pikkdanuu
 
Auditing information systems
Kenya Allmond
 
auditpresentation-121006061658-phpapp02.pdf
owaissayyed0041
 
A r das & associates
Tapas Bhattacharya
 
Information system audit
Jayant Dalvi
 
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
 
Ad

Recently uploaded (20)

PPT
Introduction to Operations And Supply Management
evelynkongyeefoon
 
PPTX
Management and Leadership across culture at McDonald's
ssuserba0a06
 
PPTX
Unit 6: Product service and brand.pptx mm
BibekSah25
 
PPTX
Time Management 2 power point presentation
mreconomics1991
 
PDF
How to Present a Project Proposal to Stakeholders for Approval?
Writegenic AI
 
PPTX
Presentation on Housekeeping Issue @RP.pptx
pabitrapanda14
 
PPTX
Principles & Theories of Mgt-Master in PM.pptx
lelouchvikim
 
PPTX
Basics of Project Management for development of leadership skills in practice
KalyaniSalvi
 
PPTX
SM_Behavior Based Safety (BBS)_Unit V.pptx
veeramuthu sundararaju
 
PPTX
WORLD TRADE ORAGANIZATION- INSTITUTION TO MANAGE TRADE BETWEEN NATIONS
jpallavi308
 
PDF
Leadership communication-virtual environments
jayasrikanagaraj0
 
PPTX
BASIC H2S TRAINING for oil and gas industries
mishraankit9408
 
PPTX
Self-Awareness and Values Development presentation
KhanfromInfitel
 
PPTX
Review of "Living Beyond Self Doubt" by Som Bathla
UmmeRubab48
 
PPTX
Leading, its definiton, example, and types.pptx
laurencemallari4
 
PDF
Personal-Professional-Development-in-Nursing-1.pdf
ReaRabi
 
PPTX
Organisational behaviour_ managerial applications of perception
durga7339429670
 
PPTX
EMOTIONAL INTELLIGENCE IN LEADERSHIP.pptx
sagingparat
 
PDF
Geopolitics and the Dynamic Competition Framework
David Teece
 
PDF
The ANC Youth League: Navigating the Next Generation Struggle and Strategy by...
Matthews Bantsijang
 
Introduction to Operations And Supply Management
evelynkongyeefoon
 
Management and Leadership across culture at McDonald's
ssuserba0a06
 
Unit 6: Product service and brand.pptx mm
BibekSah25
 
Time Management 2 power point presentation
mreconomics1991
 
How to Present a Project Proposal to Stakeholders for Approval?
Writegenic AI
 
Presentation on Housekeeping Issue @RP.pptx
pabitrapanda14
 
Principles & Theories of Mgt-Master in PM.pptx
lelouchvikim
 
Basics of Project Management for development of leadership skills in practice
KalyaniSalvi
 
SM_Behavior Based Safety (BBS)_Unit V.pptx
veeramuthu sundararaju
 
WORLD TRADE ORAGANIZATION- INSTITUTION TO MANAGE TRADE BETWEEN NATIONS
jpallavi308
 
Leadership communication-virtual environments
jayasrikanagaraj0
 
BASIC H2S TRAINING for oil and gas industries
mishraankit9408
 
Self-Awareness and Values Development presentation
KhanfromInfitel
 
Review of "Living Beyond Self Doubt" by Som Bathla
UmmeRubab48
 
Leading, its definiton, example, and types.pptx
laurencemallari4
 
Personal-Professional-Development-in-Nursing-1.pdf
ReaRabi
 
Organisational behaviour_ managerial applications of perception
durga7339429670
 
EMOTIONAL INTELLIGENCE IN LEADERSHIP.pptx
sagingparat
 
Geopolitics and the Dynamic Competition Framework
David Teece
 
The ANC Youth League: Navigating the Next Generation Struggle and Strategy by...
Matthews Bantsijang
 

WHAT IS THE INFORMATION SYSTEM AUDIT.pdf

  • 1. WHAT IS THE INFORMATION SYSTEM AUDIT? Axel KAPITA TSHISUYI Information System Auditor|Project Management|E-governance|Business Analytics|Leadership|Web Development| Author 2/16/2023 1
  • 2. DEFINITIONS The Information Systems Audit is a management activity that aims to control the quality, effectiveness, and efficiency in the execution of the constituent elements of a company's Information System (Data, software, processes, IT infrastructures, project management, finances, Human resources, tools and many more ) in the objective of highlighting its SWOT (Strength, Weaknesses, Opportunities, and Threats) in order to formulate recommendations followed by actions-plan and a behavior change policy. 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 2
  • 3. INFORMATION SYSTEM AUDIT PURPOSES Generally, carrying out an information systems audit enables best dealing with current problems, or even to anticipate them. This involves examining all the parties and all the resources that come into play in its operation, in particular, it concerns essentially procedures, processes, technologies, data, and personnel in order to detect the risks that the company, through its system information, may not be able to achieve its strategic objectives. Specifically, the followings:: 1. Increase accountability of stakeholders and shareholders; 2. Use of high-level good practice; 3. Understanding of the use made of all parts of the information system; 4. Assessment of strengths and weaknesses in order to support the business. 5. Assess the strategic and qualitative aspects of the information system; 6. An assurance of the reliability, sincerity, and fidelity of the financial statements; 7. Assess the Internal Control if it exists. 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 3
  • 4. BENEFICIARIES 1. The Information Systems Department in the order to assess its effectiveness and performance; 2. The Finance Department in order to assess the resources involved and see the reliability, fidelity, and regularity of the financial statements; 3. General Manager to get a clear insight into the activity of each department; 4. Shareholders/stakeholders to get a clear insight into their investments and the enterprise’s health; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 4
  • 5. CLASSIFICATIONS We can classify different types of audits according to the followings: (i) their internal/external characteristics to the audited structure; (ii) according to their specificities (finances, information system security, project, supply, stocks, purchases, studies, production, taxes, and application compliances); (iii) in terms of legal obligations (legal audit and contractual audit). 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 5
  • 6. SKILLS REQUIRED 1. Effective communication; 2. Time management; 3. Analysis and critical-mind; 4. Solving Problem Methods; 5. Data Analysis; 6. Information systems; 7. Finances and accounting; 8. Risks management; 9. Overall understanding of sector area, 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 6
  • 7. FIELDS AREAS 1. Finances and accountings; 2. IT Networking, 3. Cyber security 4. Data Management; 5. Software; 6. Business Processes; 7. Human Resources; 8. Project Management; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 7
  • 8. APPROACHES An audit approach is defined as a strategy, method, or technique used by an auditor to carry out his mission. Thus, generally we have the following: 1. Audit by an exhaustive approach (Full-audit); 2. Audit by analyzing Internal Control; 3. Audit by risk approach 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 8
  • 9. EXECUTION PROCESS 1. Methodology definition; 2. Planning; 3. Work-Team designing; 4. Entity Understanding; 5. Risk assessment and analysis; 6. Investigations; 7. Reporting; 8. Recommendations following-up, 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 9
  • 10. GENERAL STANDARDS USED 1. COBIT for the information systems governance and any other one; 2. ITIL for IT services provision and any other one; 3. ISO 9001 for quality management; 4. ISO 27001 for information system security; 5. CMMI for software projects management and any other one; 6. PMPI for project management; 7. ISA for general audit and accounting; 8. COSO for Internal Control; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 10
  • 11. ESSENTIAL CONCEPTS TO KNOW IN INFORMATION SYSTEMS AUDIT 1. Information system assets 2. Evidence 3. Threat 4. Vulnerability 5. Impact 6. Audit trail, 7. Reliable Audit Trail 8. Framework 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 11
  • 12. TOOLS AND METHODS 1. Gap Analysis; 2. Lean Six Sigma for quality; 3. Total Quality Management; 4. Reengineering Process for process Assessment; 5. PDCA; 6. Getting Things Done; 7. Who, What, Where, How, How much,Why? 5 whys 8. Brainstorming; 9. Ishikawa Diagram; 10. Mind Mapping; 11. Scoring board, SMART, RACI, Causes-effect diagram; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 12
  • 13. TECHNOLOGIES USED 1. Advanced Microsoft Excel; 2. Tableau Software; 3. Python programming; 4. SQL. 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 13
  • 14. DOCUMENTS FOR CONSULTATION 1. Business Impact Analysis; 2. Internal regulations and standards; 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 14
  • 15. THANKS YOU FOR READING Contacts : Links:  https://www.linkedin.com/in/axel-kapita-1125a832/ https://www.amazon.fr/dp/B096TTDLMJ https://public.tableau.com/app/profile/kapita.tshisuyi E-mail: axelkapita@proton.me 2/16/2023 KINSHASA-RDC, AXEL KAPITA/2023 15