IT Audit ISSAIs & IDI's Capacity Development Programme on IT Audit


IT Audit ISSAIs & IDI's Capacity Development Programme on IT Audit
XIII ASOSAI Assembly, 12 February 2015, Kuala Lumpur
Md. Shofiqul Islam, Programme Manager

Outline
- ISSAIs on IT Audit
- Global Public Goods - IT Audit Handbook
- IDI's Capacity Development on IT Audit

ISSAIs on IT Audit
- International Standards of Supreme Audit Institutions (ISSAIs)
- Level 4: Guideline on specific subjects
- Series 5300-5399 of ISSAI Framework is allocated for Information Technology Audit

ISSAI on IT Audit - 5310
- ISSAI-5310 - Information System Security Review Methodology
- Due for review in 2013
- Working Group on IT Audit (WGITA) under the Knowledge Sharing Committee (KSC)

ISSAI 5300
Development of new ISSAI 5300
- ISSAI 5300 will be an overarching ISSAI on the fundamentals of IT Audit
- ISSAI 5300 would lay down the general principles, approach and methodology to conduct IT Audits
Updating ISSAI 5310 on Information Systems Security Audit
Project Team: India (Project leader), Brazil, Indonesia, Japan, Norway, Poland, USA

ISSAI 5300 Project Progress
- Exposure draft of ISSAI 5300 will be prepared by June 2015.
- Work on updating ISSAI 5310 will be taken up after finalizing ISSAI 5300.
- The project team will identify the subsequent ISSAIs that may be attempted to be developed in due course.

Presentation Plan
- ISSAIs on IT Audit
- Global Public Goods - IT Audit Handbook
- IDI's Capacity Development on IT Audit

IDI-WGITA Cooperation in IT Audit
Areas of Cooperation
- Capacity Development: AFROSAI-E, Global
- Development of Global Public Goods: Guideline, Handbook
- Knowledge Sharing

WGITA-IDI - IT Audit Handbook
Development Process (Jan-July 2013)
- Project team consisting of WGITA and IDI members
- Review of the guidelines framework and courseware developed for the pilot programme in AFROSAI-E

WGITA-IDI - IT Audit Handbook
- WGITA-IDI IT Audit Handbook for SAIs
- Endorsed by XXI INCOSAI - 2013
- Launched at 23rd meeting of WGITA, February 2014
- http://www.intosaiitaudit.org/

Structure of the Handbook
- Seven major IT audit issues - Definition and explanation
- Key Elements of these issues
- IT risks for the audited entity and audit questions
- Audit matrix based on audit questions

Structure of the Handbook
- IT Governance and Policy
- Development and Acquisition
- IT Operations
- Outsourcing
- Business continuity plan and Disaster Recovery Plans
- Information security
- Application controls

Audit Matrix

Structure of the Handbook
Additional topics of interest:
- Mobile computing
- Computer forensics
- Websites
- E-governance
- E-commerce

Presentation Plan
- ISSAIs on IT Audit
- Global Public Goods - IT Audit Handbook
- IDI's Capacity Development on IT Audit

Capacity Development on IT Audit
PILOT PHASE
AFROSAI-E Region: 2012-2013
IDI-WGITA TRANS REGIONAL PROGRAMME ON IT AUDIT
- WGITA Contribution: Subject Matter Experts, Initial Reference Materials
- IDI Contribution: Expertise in developing guidance and training materials, Programme Management Funding

Capacity Development on IT Audit
Results of Pilot Phase 2012-2013
- AUTOMATED SYSTEM FOR CUSTOMS DATA (ASYCUDA++)
- GOVERNMENT PAYROLL, PENSIONS AND PASSAGES
- INVENTORY MANAGEMENT SYSTEM OF NATIONAL MEDICAL STORES
- PUBLIC FINANCE MANAGEMENT SYSTEM: GENERAL AND APPLICATIONS CONTROLS
- EDUCATION INFORMATION SYSTEM
- IT AUDIT OF THE PASSPORT ISSUANCE SYSTEM

Capacity Development on IT Audit
CURRENT IDI IT AUDIT PROGRAMME: 2014-2015
- Based on the IT Audit Handbook
- Global capacity development: E-course and Pilot IT Audits
- Developed in English, launched in May 2014

Pilot IT Audit Proposals
Audit of HRM IS Railway Ticketing System IT Audit of Telecom Department IS Security audit of state owned enterprise IT Audit of property registration system Customs Department (ASYCUDA) Govt. Fiscal Management Information System IT Audit of Govt Payroll system Vehicle Registration and Control System

IT Audit Planning Meeting
Issues Raised:
- Data manipulation and fraud
- Risk and security
- IT operations without agreed Service Level Agreements
- IT Governance Issues
- Role of IT Audit

Audit Field Work
- Currently the SAI audit teams are involved in audit field work.
- Draft audit reports are expected by April 2015.
- Audit Review Meetings scheduled for June and July 2015.
- Reports expected to be finalized by December 2015.

Capacity Development on IT Audit
Expected Results of the Programme
- About 100 participants complete the programme
- 41 SAIs completing pilot IT Audits
- Feedback on IT Audit Handbook
- Updating the Handbook

Challenges
- Diverse audit practices across INTOSAI community
- Different levels of IT maturity in the SAIs
- Data extraction and data analysis

Way Forward
- ISSAI 5300
- Dissemination of IT Audit Handbook
- Translation into other INTOSAI languages
- E-courses in other languages
- Regular update to align with the ISSAIs on IT Audit