Risk Analysis
•Risk analysis helps to identify risks and vulnerabilities in order to determine the controls needed to mitigate those risks
What is a Risk?
Elements of Risks
•Threats to, and vulnerabilities of, processes and/or assets
•Impact on assets based on threats and vulnerabilities
•Probability of threats (combination of the likelihood and frequency of occurrence)
IS Auditor’s Focus on Risk
•Confidentiality, Availability, Integrity of sensitive and critical information
•Underlying information systems and processes that generate, store and manipulate information
How You Deal With Risk
Internal Control
•Policies
•Procedures
•Practices
•Organizational Structures
Auditing
•The independent examination of records and other information in order to form an opinion on the integrity of a system of controls and recommend control improvements to limit risks
Audit Classification
•Financial Audits
•Operational Audits
•Integrated Audits
•Administrative Audits
•IS Audits
•Specialized Audits
•Forensic Audits
IS Auditing
•Process of collecting and evaluating evidence to determine whether the computer system safeguards assets, maintains data integrity, achieves organizational goals effectively and uses resources efficiently.
IS Audit Process
Performing IS Audit
•The flow diagram could perhaps have been drawn more realistically like this: