Learning the Work of a good IT Auditor

Kamper Sahin

2 min read
Learning the Work of a good IT Auditor

In order to grasp the particular nature of a great IT auditor? t work, it is usually best that a person find out fundamental of IT auditing i actually. e.: :

Precisely what is IT Examine?
Very best scope of an IT Examine?
Why perform THIS audit?
Code completion

What is THIS Audit?

IT sama dengan Technology (system/process/method) in order to produce the data needed by the consumers.

Information = Files that has been processed to accommodate the particular user requirements

Audit = assurance and even consulting activities

THAT Audit is only another branch of audit. It truly is essentially an assurance and consulting activities created to add value and even improve the THAT operations.

Interesting web sites into it Audit of which you can label: -

[http://www.theiia.org/itaudit/]

http://www.isaca.org/

What is typically the scope of your THAT Audit?

According to FFIEC Information TechnologyExamination Handbook, the typical range of an IT audit: -

Administration
Operations
Development & Buy
Information Safety
Business Continuity Setting up

According to COBIT, the particular scope of a great IT audit includes the followings: -

Plan & Arrange (PO)
Acquire & Implement (AI)
Supply & Support (DS)
Monitor & Examine (ME)

Whether you are using FFIEC, COBIT or any other strategy, the most crucial thing is to be able to understand your THIS environment and just how it is support the business business.

Why conduct IT audit?

The objective of a good IT audit is usually to assess the adequacy of the handles in place to be able to safeguard the informational assets.

Basically, in order to review the levels of IT risks, controls and coverage. My simple equation is: :

IT Risk? IT Handle = IT Coverage

Therefore, an IT auditor must assess the level associated with IT risks and controls that can be found in order to be able to determine whether there is definitely any exposure found in the organisation.

THIS Risks

There will be many ways to categorize the IT dangers.

One of the particular methods is: -

Infrastructure Risk


Availability Chance
Integrity Risk
Access Risk
Meaning Risk

Sign up for more like this.

Enter your email
Subscribe