Lecture 3-Mastering IS Auditing

Share

Summary

This video explains the critical process of mastering information systems auditing processes, detailing the language, function, navigation, legal aspects, and outsourcing considerations of IS audits.

Highlights

Introduction to IS Auditing
00:00:00

The video introduces information systems auditing as a critical process for safeguarding an organization's digital nervous system. It outlines the master plan, including the language of IS auditing, the IS audit function, navigating the audit universe, the rule of law, and calling in experts.

The Language of IS Auditing
00:00:34

This section defines key terms. 'Information' is data with meaning, 'Information System' is the machinery that moves this information, and 'Information Technology (IT)' refers to the tools used to build and maintain these systems. An 'Information Systems Audit' is then defined as the formal examination of management controls within an IT infrastructure. The Certified Information Systems Auditor (CISA) is introduced as the global standard for professionals in this field.

The IS Audit Function
00:02:22

This part distinguishes between an 'audit charter' (the organization's overarching constitution approved by the board) and an 'engagement letter' (a specific mission brief for a single audit). It emphasizes the critical importance of independence for the IS audit function and the need for auditors to be technically competent and objective, reporting directly to an audit committee.

Navigating the Audit Universe
00:03:13

This section covers the strategic planning of an audit. An 'audit universe' encompasses all auditable units. Due to vastness, a systematic approach is necessary: defining auditable units, identifying risk through process owners, evaluating objective criteria (quantifying potential loss), and constructing an audit plan. It highlights the challenge of insufficient resources, often forcing management to accept unmitigated risks or augment staff.

The Rule of Law in Auditing
00:04:39

This part discusses external forces like government and industry regulations. Auditors must document applicable laws, assess management's plans, review IT adherence to these rules, and actively check external contracts, given the significant legal impacts on electronic and personal data, e-commerce, and data storage.

Calling in the Experts: Outsourcing Audits
00:05:15

When an audit requires specialized expertise not available internally, outsourcing becomes necessary. This requires careful evaluation of independence, supervisory controls, legal restrictions, scope of work, and professional liability. Strict security measures are crucial, including background checks, access control, confidentiality, and non-disclosure agreements. The video emphasizes that while audit work can be delegated, professional liability always remains with management.

Recently Summarized Articles

Loading...