information systems audit-related designations
DESCRIPTION
In this slidecast, Michael Lin provides an overview on the role of information systems (IS) audits, available IS audit-related designations, and the benefits of attaining or hiring individuals with these designations. He also attempts to provide some guidelines on how an IS audit professional should pursue such designations.TRANSCRIPT
![Page 1: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/1.jpg)
INFORMATION SYSTEMS AUDIT-
RELATED DESIGNATIONS
ACC 626: Final Report Slidecast
Delivered by: Michael Lin
![Page 2: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/2.jpg)
Information System (IS) Audit...
Profession traditionally concerned with audit
Increased complexity in IS ingrained in business processes
Old requirements + New complexity = Need for new expertise
![Page 3: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/3.jpg)
...-Related Designations
Expertise:Specialists?Standardization?
In response, professional associations created IS audit-related designations
![Page 4: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/4.jpg)
Overview
Role of IS Audits Overview of IS Audit-Related
Designations Benefits of Certification – For the
Professional Benefits of Certification – For the
Organization Guidelines for the Pursuit of IS Audit-
Related Designations
![Page 5: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/5.jpg)
Role of IS Audits Need to understand role of IS audits in
today’s business environment Role relates to efficiently and effectively
conducting audits in the context of complex IS Some audit types where IS audit is employed:
Audit of Financial StatementsSection 5970 AuditsTrust ServicesInternal Audit
![Page 6: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/6.jpg)
Role of IS Audits (Cont’d)
Audit of Financial StatementsIS traditionally used to record, process, and
summarize transactions for financial statement generation
IS increasingly used for other critical business processes in an integrated manner
Section 5970 AuditsIS utilized for service deliveryIS includes many embedded controls
![Page 7: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/7.jpg)
Role of IS Audits (Cont’d) Trust Services
Security, availability, processing integrity, confidentiality, and privacy
IS clearly important Internal Audit
Not external reporting, delivers value in various ways
IS may be extensively utilized in business processes
i.e. Both internal and external audit may involve IS audit
![Page 8: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/8.jpg)
Overview of IS Audit-Related Designations Extensive number of relevant
designations, with some very specialized differences
To examine:Major designations in disciplineSome classifications of other related
designations
![Page 9: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/9.jpg)
Certified Information Systems Auditor (CISA) Single most relevant designation for IS
audit Flagship designation for ISACA (actual
name), with over more than 85,000 professionals in nearly 160 countries
“...for those who audit, control, monitor and assess an organization’s IT and business systems”
![Page 10: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/10.jpg)
CISA (Cont’d) Five job practice domains
Domain 1—The Process of Auditing Information Systems (14%)
Domain 2—Governance and Management of IT (14%)
Domain 3—Information Systems Acquisition, Development and Implementation (19%)
Domain 4—Information Systems Operations, Maintenance and Support (23%)
Domain 5—Protection of Information Assets (30%)
![Page 11: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/11.jpg)
Certified Information Security Manager (CISM) Second most popular designation
offered by ISACA with 16,000 professionals
“...for individuals who design, build and manage enterprise information security programs”, with a high-level management focus
![Page 12: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/12.jpg)
CISM (Cont’d)
Five job practice domainsDomain 1—Information Security Governance
(23%)Domain 2—Information Risk Management
(22%)Domain 3—Information Security Program
Development (17%)Domain 4—Information Security Program
Management (24%)Domain 5—Incident Management &
Response (14%)
![Page 13: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/13.jpg)
Certified Information Systems Security Professional (CISSP)
Offered by the International Information Systems Security Certification Consortium (ISC)2
For “professionals who develop policies and procedures in information security”
Offers concentrations in Architecture, Engineering, and Management
![Page 14: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/14.jpg)
CISSP (Cont’d) Ten domains of knowledge:
Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk
Management Legal, Regulations, Investigations and Compliance Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security
![Page 15: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/15.jpg)
Other Designations – IS and IT
Designations in IS and IT generally (i.e. not necessarily directly related to audit)
Benefits IS audit professionals through provision of general background knowledge or specific area expertise
Three potential categories:General focus, e.g. I.S.P.Specific organizational focus, e.g. CGEIT, CAPSpecific technical focus, e.g. C|EH, CSFA,
GCIH
![Page 16: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/16.jpg)
Other Designations - Accounting Designations in accounting related to
audit (i.e. non-technical) Benefits IS professionals through audit-
related expertise In Canada:
CACMACGACIA
![Page 17: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/17.jpg)
Benefits of Certification – For the Professional Up to professional to pursue and attain
designations Professional associations offering
certifications have very positive view:Improved career prospects
○ Demonstrate working knowledge and commitment
○ Career differentiator, marketabilityAccess to resources, such as networking
![Page 18: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/18.jpg)
Benefits of Certification – For the Professional (Cont’d)
Another view:Certifications still good way to show interest
or seriousness about careerBut, in many cases:
○ Need certifications to keep jobs○ Competing individuals in job market have
same certifications○ Need certifications just to get past resume
search enginesNo long a source of competitive advantage
![Page 19: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/19.jpg)
Benefits of Certification – For the Organization Organizations can influence professional
pursuit of certifications through hiring, retention, and promotion policies
Professional associations’ positive view:Benefits to professionals extended to
employersEstablish standard of best practicesEnable a broader perspective, including
both business and technology
![Page 20: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/20.jpg)
Benefits of Certification – For the Organization (Cont’d)
The literature agreesIS professionals help align IT with business
prioritiesIT audits generate value for companies
through third-party regular evaluation of information security policies and architecture
Benefits apply to external as well as internal auditExternal auditors: fees and costsInternal and external IS audit are related
![Page 21: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/21.jpg)
Guidelines for the Pursuit of IS Audit-Related Designations
IS audit-related designations provide clear benefits, but has costsFinancial costs, i.e. Fees and materialsNon-financial costs, i.e. Time and dedicationToo many designations may even cause
employers to find the resume unattractive Should not pursue as many
designations as possible Return on investment
![Page 22: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/22.jpg)
Guidelines ... (Cont’d)
Long-term approachMake a career plan and map in
certifications, time, and effort Some specific considerations
General vs. specialized designationsIT or accounting designations
![Page 23: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/23.jpg)
Concluding Remarks – Key Takeaways Continuing trend in IS IS audit-related designations:
are relevant and add value,but becoming necessity rather than
advantage Professionals need to take long-term
career plan-based approach
![Page 24: Information Systems Audit-Related Designations](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b5cc804a79593a7f8b4621/html5/thumbnails/24.jpg)
THANK YOU
QUESTIONS AND COMMENTSARE WELCOME