Running head: AUDITING INFORMATION SYSTEMS
PROCESS
Auditing information systems process
Student’s Name
University Affiliation
Process of Auditing information systems
Information systems are the lifeblood of every large company. As
in past years, computer systems do not simply record business
transactions; they essentially drive the main business
procedures of the enterprise. In this situation, senior
management and company managers usually have concerns about
their information systems.
An audit is a methodical process in which a proficient,
independent person impartially obtains and assesses evidence
concerning assertions about a financial entity or event, with
the intent of forming an opinion about, and giving feedback on,
the extent to which the assertion matches an acknowledged set of
standards. Information systems auditing refers to the assessment
of management controls within Information Technology
communications. The evaluation of the evidence obtained is used
to decide whether information systems are safeguarding assets,
maintaining the reliability of data, and operating efficiently
in order to attain the organization's goals or objectives
(Hoelzer, 2009).
Auditing of information systems has become an essential part
of business organization in both large and small business
environments. This paper examines the preliminary points for
carrying out an information system audit and some of the
techniques, tools, guidelines and standards that can be
employed to build, manage, and examine the review function.
The Certified Information Systems Auditor (CISA)
qualification is recognized worldwide as a standard of
accomplishment for those who assess, monitor, control and
audit an organization's information technology and business
systems, that is, information systems experts with a concern
in information systems security, control and audit. At least five
years of specialized work experience in information systems
security, auditing and control is necessary for certification.
An audit contract should be in place to state clearly the
responsibility of management, the purpose of the information
system audit, and the delegation of authority to carry it out.
The audit contract should also summarize the general rights,
responsibilities and scope of the audit function. The highest
level of management should endorse the contract and, once it
is set up, the contract should be changed only if the
amendment can be thoroughly justified.
The process of auditing information systems involves:
Audit Function Management: this process includes a systematic
assessment of the organization's management policies and
methods in the management and utilization of resources,
improvement of the organization and its employees, and strategic
and tactical planning. The main goals are to establish the
present level of effectiveness, suggest improvements and set
standards for future performance.
Standards of Assurance, IT Audit and Guidelines: these involve
the relationships between standards, tools, guidelines and
techniques. They also comprise the Information Technology
assurance framework, among other standards. They describe a
framework of guidance and standards relating to the
performance and acceptance of assurance and auditing activities
(John, 2007).
Risk Analysis: this involves identifying specific risks that
the organization's information system might face and
establishing their impact, likelihood of occurrence, severity
and priority, along with recommended mitigation strategies.
Internal Controls: these are actions that management and
other groups take to manage risk and to increase the
likelihood that the identified goals and objectives will be
attained.
Perform an Information System Audit: this process involves the
evaluation of weaknesses and strengths of the audit, testing,
sampling, management's implementation of recommendations,
and communicating the results of the audit, among others
(Richard, 2007).
The function of an information system audit is to evaluate
and to offer suggestions, reassurance and feedback.
These concerns may be grouped into three broad
categories:
· Accessibility:
This concerns whether the information system on which the
organization greatly depends will be accessible to the
company at all times when needed. It also addresses
questions such as whether the whole system is well protected
against all kinds of disasters and losses.
· Discretion:
This concerns whether the data in the system will be
revealed only to the people who need to see and use it,
and to no one else.
· Reliability:
This concerns whether the data provided by the system will at
all times be timely, dependable and accurate. It also covers
making sure that no illegal alteration can be carried out on
the software or on the data in the system.
The advantages of a review can be categorized into four groups:
· Strategic benefits.
Reliability of the information produced by the business.
Improved client assurance.
· Operational benefits.
Improved worker morale and productivity.
Reliability of data makes it possible for management to
make accurate and informed decisions.
· Economic benefits.
Improved performance of the hardware.
The costs of theft of information system property are
reduced.
· Technological benefits.
Organizational decisions based on computer-generated
information are consistent.
Business associates trust the organization's management,
distribution and control of sensitive data.
ASPECTS OF INFORMATION SYSTEM AUDIT:
Information systems are not merely processors. Present-day
information systems have become intricate and contain many
components which come together to form a business solution
(Weber, 2002). Assurance about information systems can be
attained only if every component is assessed and protected.
The main aspects of an information systems review can be
broadly categorized into:
· Environmental and physical evaluation.
This consists of humidity control, air conditioning, power
supply, physical security and other environmental aspects.
· System management evaluation.
System management evaluation entails a security evaluation
of the database management systems, the operating
systems, and all system management procedures and
compliance with them.
· Application software evaluation.
The business application can be an enterprise resource
planning system, a web-based client order processing system,
invoicing or a payroll system that essentially runs the
company. The evaluation of such application software would
include the corresponding manual procedures and controls,
business procedures within the application software, error and
exception handling, validations, authorizations and access
control. In addition, an evaluation of the system development
lifecycle should be carried out.
· System security evaluation.
The typical areas covered by this review include the evaluation
of the external and internal connections to the system, intrusion
detection and port scanning, router access control lists, and
review of the firewall and boundary security.
· Business continuity review.
Business continuity review covers the existence and maintenance
of fault-tolerant and redundant hardware, backup storage,
procedures, and a documented and tested disaster recovery or
business continuity plan.
· Information reliability evaluation.
The purpose of this examination of live data is to confirm
the adequacy of controls and the impact of weaknesses
observed in any of the previous evaluations. Such substantive
testing can be carried out using comprehensive audit software,
for instance computer-aided review procedures (Weber, 2002).
It is important to appreciate that every review may include all
of these aspects to different extents. Some auditors may examine
just one of the aspects and leave out the others. However, it is
essential to carry out all the aspects, though it is not
compulsory to carry out all of them in one task. The set of
skills needed for each of these aspects is different. The
outcomes of each review need not be perceived in relation to
another. This allows the examiner and the management to obtain
a full view of problems and concerns. This review is very
important.
All these aspects need to be addressed in order to give
management a clear evaluation of the system. For
instance, application software may be well designed and
implemented with all the security features, while the default
user password in the operating system used on the server has
not been changed, thus permitting somebody to view the data
files directly. A situation like this negates whatever
security was built into the application. Similarly,
technical system security and firewalls might have been
implemented thoroughly, while the access controls and role
definitions in the application software were so poorly
designed and implemented that, using their own user IDs,
workers could see critical and sensitive data far
beyond their positions (Weber, 2002).
We should also appreciate that every review might involve
these aspects to different degrees. Some reviews may inspect
just one of the aspects or leave some of them out. It is,
however, necessary to carry out all of these aspects, though it
is not compulsory to carry out all of them in a single task. The
set of skills needed for each aspect is different. The outcomes
of each review should not be perceived the same as another. This
will allow the examiner and the management to get a complete
view of concerns and difficulties. This review is very
significant.
Threat-based approach
Each organization uses several information systems. There might
be different systems for different activities and functions, and
there might be various workstation installations at different
physical locations. The examiner is confronted with the
questions of what to audit, when, and how regularly to do so.
The answer to all of these is to adopt an approach that is
threat based. While there are hazards inherent in information
systems, these hazards affect different systems in different
ways. The hazard of non-availability can be severe even if it
lasts for an hour (Weber, 2002). The hazard of illegal
alteration could be a source of potential losses and fraud in an
online banking system. A batch processing system or a data
consolidation system might be comparatively a little more
susceptible to a number of these hazards. The industry
environment in which the system operates may also have an effect
on the hazard associated with the system.
The procedure that could be followed for a threat-based approach
to creating a review plan includes:
1. Inventory the information systems in use in the
business and classify them.
2. Determine which of the systems have critical assets or
functions, for example how close to real time they operate,
decision making, customers, materials and money.
3. Evaluate which hazards affect the systems and the
severity of their consequences for the company.
4. Rank the systems on the basis of the above evaluation and
decide on the review frequency, schedule, resources and priority.
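The four-step procedure above can be carried through on a small inventory. The following Python sketch is an added example, not part of the original paper: the 1 to 5 rating scales, the criticality-times-exposure score, the frequency thresholds, the system names and all ratings are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Step 2 factors named in the text: closeness to real time, decision making,
# customers, materials and money.
CRITICALITY_FACTORS = ("real_time", "decision_making", "customers", "materials", "money")
# Step 3 hazard classes, following the three concerns the paper lists.
HAZARDS = ("unavailability", "unauthorized_change", "disclosure")
SCALE = range(1, 6)  # assumed 1..5 rating scale for likelihood and impact
# Assumed score floors for step 4; a real audit function sets its own.
FREQUENCY_TIERS = ((75, "quarterly"), (30, "semiannual"), (0, "annual"))


@dataclass
class System:
    name: str
    category: str                                # step 1: classification
    factors: frozenset = frozenset()             # step 2: critical functions
    hazards: dict = field(default_factory=dict)  # step 3: hazard -> (likelihood, impact)


def criticality(system):
    """Step 2: 1 for any system plus 1 per critical factor it touches."""
    unknown = set(system.factors) - set(CRITICALITY_FACTORS)
    if unknown:
        raise ValueError(f"{system.name}: unknown factors {sorted(unknown)}")
    return 1 + len(system.factors)


def exposure(system):
    """Step 3: worst likelihood x impact over all hazard classes.

    A hazard nobody has rated is scored at the maximum and reported, so an
    unassessed system cannot drop to the bottom of the plan unnoticed.
    """
    unknown = set(system.hazards) - set(HAZARDS)
    if unknown:
        raise ValueError(f"{system.name}: unknown hazards {sorted(unknown)}")
    worst, unrated = 0, []
    for hazard in HAZARDS:
        rating = system.hazards.get(hazard)
        if rating is None:
            unrated.append(hazard)
            rating = (max(SCALE), max(SCALE))
        likelihood, impact = rating
        if likelihood not in SCALE or impact not in SCALE:
            raise ValueError(f"{system.name}: {hazard} rating outside 1..5")
        worst = max(worst, likelihood * impact)
    return worst, unrated


def frequency_for(score):
    """Step 4: map a score to a review frequency using the assumed tiers."""
    for floor, label in FREQUENCY_TIERS:
        if score >= floor:
            return label


def build_plan(inventory):
    """Steps 1-4: score every inventoried system and rank highest first."""
    plan = []
    for system in inventory:
        worst, unrated = exposure(system)
        score = criticality(system) * worst
        plan.append({
            "system": system.name,
            "category": system.category,
            "score": score,
            "frequency": frequency_for(score),
            "unrated": unrated,
        })
    plan.sort(key=lambda entry: (-entry["score"], entry["system"]))
    return plan


# Constructed sample inventory; none of these systems or ratings come from the paper.
SAMPLE_INVENTORY = [
    System("batch-payroll", "batch", frozenset({"money"}),
           {"unavailability": (2, 2), "unauthorized_change": (2, 4), "disclosure": (2, 4)}),
    System("online-banking", "online", frozenset({"real_time", "customers", "money"}),
           {"unavailability": (4, 5), "unauthorized_change": (3, 5), "disclosure": (2, 5)}),
    System("erp", "online", frozenset({"decision_making", "materials", "money"}),
           {"unavailability": (2, 4), "unauthorized_change": (3, 4), "disclosure": (2, 3)}),
    System("mgmt-reporting", "consolidation", frozenset({"decision_making"}),
           {"unavailability": (1, 2)}),  # two hazards never rated
]

if __name__ == "__main__":
    for entry in build_plan(SAMPLE_INVENTORY):
        note = f"  (unrated: {', '.join(entry['unrated'])})" if entry["unrated"] else ""
        print(f"{entry['score']:>4}  {entry['frequency']:<10}  {entry['system']}{note}")
```

In this constructed inventory the reporting system ranks second only because two of its hazards were never rated, which is the gap the plan should surface before any frequency is fixed.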
The auditor can then draw up an annual review plan that
lists the reviews to be carried out during the period
according to the plan, in addition to the resources that are
necessary. Groundwork before starting a review entails
gathering background data and assessing the skills and the
resources needed to perform the review. This allows employees
with the right kind of proficiency to be assigned to the
right task. It is always good to hold a formal review
kick-off meeting with the top management responsible
for the section under review in order to finalize the scope,
identify any special problems, schedule the dates and
explain the methodology for the review. Meetings like this
get top management involved, allow people to
meet one another, clarify concerns and essential
business worries, and help the review to be performed
efficiently (Weber, 2002).
References
Weber, R. (2002). EDP Auditing: Conceptual Foundations and Practice.
Hoelzer, D. (2009). Audit Principles, Risk Assessment & Effective Reporting. SANS Press.
John, B. (2007). Public Sector Auditing: Is it Value for Money? Creating a culture of compliance.
Richard, C. (2007). Information system auditing; Auditor's Guide to Information Systems Auditing. High Tower Software.
Zener, B. (2012). Public Sector Auditing: SANS Press.