system audit-ensuring the integrity...ca m s mehta. session overview need for systems audit what is...
TRANSCRIPT
![Page 1: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/1.jpg)
Can’t you do anything right?
System Audit-ensuring the integrity
CA M S Mehta
![Page 2: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/2.jpg)
Session Overview
Need for Systems AuditWhat is Systems AuditPerspectivesScopeObjectivesThe Audit ProcessUse the Tools
![Page 3: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/3.jpg)
FCA Investigation results
• BCP was there but less focus on IT resilience.
• Inaccurate records of changes to systems.
• Not identify, understand or mitigate risk of a batch scheduler failure
• There was a lack of ‘substantial’ experience.
• Lack of IT knowledge held by group management.
• Incomplete audits of IT.
• Outage was due to a lack of safeguards not investment in IT.
![Page 4: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/4.jpg)
What went wrong
• There was no collateral security at stake before issuing the LOUs
• The LOUs, supposed for 90 days, were given a one-year validity.
• The SWIFT-Maker, Checker and Verifier, which were bypassed.
• No Linkage between Swift and the bank’s back-end software.
• Issue of LOUs were not recorded in the ‘PNB’ CBS.
• No rotation of employees in every three years.
• Training programmes that sharing of passwords is prohibited.
• Absence of worthwhile IS Audit ensured that misuse of ids and password went undetected.
• Internal audit, statutory audit and Regulatory audit failed to smell out the frauds.
• Combination of inferior technology, weak risk management and insufficient regulatory oversight.
![Page 5: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/5.jpg)
The process of collecting and evaluating evidence to determine whether a computer system • safeguards assets,
• maintains data integrity,
• allows organisational goals to be achieved effectively, and
• uses resources efficiently.
IS Auditing
![Page 6: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/6.jpg)
IS Auditing
IS audit refers to any audit that
encompasses wholly or partly,
review and evaluation of
automated information processing systems,
related non-automated processes
and the interfaces between them
…ISACA
![Page 7: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/7.jpg)
Management’s perspectiveRegulatory perspective
![Page 8: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/8.jpg)
Key components
![Page 9: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/9.jpg)
Controls
9
Control is defined as
policies, procedures, practices and enterprise structure
that are designed to provide reasonable assurance
that the business objectives will be achieved
and undesired events are
prevented,
detected
and
corrected
![Page 10: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/10.jpg)
Scope of Audits
Systems and Applications
Information Processing Facilitites
Systems DevelopmentManagement of IT
and enterprise Architecture
Client/Server, Telecommunications,
Intranets and Extranets
Compliance Audits Operational Audits Financial Audits
Integrated Audits Administrative Audits Specialized Audit Forensic Audits
![Page 11: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/11.jpg)
Objectives of IS Audit
Objectives of IS Audit
FiduciaryReliability
Compliance
QualityEfficiency
Effectiveness
Security
Confidentiality
Integrity
Availability
![Page 12: System Audit-ensuring the integrity...CA M S Mehta. Session Overview Need for Systems Audit What is Systems Audit Perspectives Scope Objectives The Audit Process Use the Tools](https://reader036.vdocuments.us/reader036/viewer/2022070706/5e9e6f87312d434acd2ea2b2/html5/thumbnails/12.jpg)
Typical IS Audit Procedures
Subject
Objective & Scope
Pre-audit planning
Understanding Auditee Environment
Evidence
Evaluate Test Results
Communicate Results to Management
Reporting &
Follow - up