Why Information System Audits - CA. Abhay Mate
TRANSCRIPT
![Page 1: Why Information System Audits-CA. Abhay Mate.pptpuneicai.org › wp-content › uploads › 2015 › 03 › Why... · CA M.R.(Abhay) Mate (B.Com, F.C.A. DISA-ICAI) Partner, Chobe](https://reader033.vdocument.in/reader033/viewer/2022060211/5f04c7807e708231d40fa9ef/html5/thumbnails/1.jpg)
Welcome
STEP BY STEP APPROACH
TOWARDS
INFORMATION SYSTEMS (IS) AUDIT
Presentation by CA M.R.(Abhay) Mate (B.Com, F.C.A. DISA-ICAI)
Partner, Chobe & Mate Associates - Chartered Accountants
2, Phadke Sankul, Near Pune Vidyarthi Griha, Sadashiv Peth, Pune 411 030
Phone 2447 8627, 2445 4721, 98223 51901
e mail - [email protected]
Courtesy-Mr. Sunil Kulkarni CISA
Different Kinds of Audits
• Participative audit in software development (SDLC audit)
• Software product audit
• Quality audit (Capability Maturity Model/ISO)
• Information Systems Audit
Reality For Users is
Every day is Bad Day
due to IT Problems
• Why IS Audit?
Need for Information Systems Auditing
ORGANISATION:
• Organizational costs of data loss
• Costs of incorrect decision making
• Costs of computer abuse
• Value of H/W, S/W, personnel
• High costs of computer error
• Maintenance of privacy
Control & Audit of Computer based Information Systems
Objectives of Information Systems Audit
Information Systems Auditing in the ORGANISATION:
• Safeguarding of assets
• Data Integrity
• System Effectiveness
• System Efficiency
Current State of Organization
Source: Open Compliance & Ethics Group
Business - IT Scenario
People Find Process workaround
IT - Present Scenario
Diagram labels: Process, People, Technology, IT Service
“80% of unplanned downtime is due to people and process” (source: Gartner Group)
Service Management
• Financial Management for IT services
• Capacity Management
• Availability Management
• IT Service Continuity Management
• Release Management
• Service Level Management
• Incident Management
• Problem Management
• Change Management
• Configuration Management
IT Infrastructure
Obstacles Prevent Effective Engagement
IT Seen as Black Box:
• Business lacks visibility
• Poor customer satisfaction
Overwhelming Demand:
• Unstructured capture of requests and ideas
• No formal process for prioritization and trade-offs
• Reactive vs. proactive
Disparate Systems Reduce Efficiency
• No Single System of Record for Decision Making
• Relevant Metrics Hard to Obtain
• Disparate Systems Costly to Maintain and Upgrade
IT Governance Landscape
IT - Overview
Customer Site 1, Customer Site 2, Customer Site 3
First-line Support: Centralized Service Desk
Second-line Support:
• Desktop Support
• Network Support
• Application Support
• Systems & Operations Support
• Third Party Support
Gartner Group Maturity Model
Levels shown: Fire Fighting, Reactive, Proactive, Service, Value
Why to Audit?
To Measure – Business Value
Why Measure? – Purpose of reports
The Four reasons for measurements:
• To Validate
• To Direct
• To Intervene
• To Justify
Diagram labels: Strategy, Vision, Targets and Metrics, Changes, Corrective Action, Your Measurement Framework, IT Performance, Factual Evidence
© Crown copyright 2007. Reproduced under license from OGC.
Awareness aspects for the Board
Part A: IT Environment Risks:
• Regulatory Risks
• Strategic Risks
• Organisation Risks
• Location Risks
• Outsourcing Risks
How to mitigate the risks?
Awareness aspects for the Board
Part B: IT Operations Risk
• Error Risk
• Fraud Risk
• Disclosure Risk
• Interruption Risk
How to mitigate the risks?
Awareness aspects for the Branch Level Implementation
Audit & Training Aspects
• Environmental Aspects
• Organizational Facts
• Personnel And Training Matters
• Systems Security Characteristics
• Configuration Management
• Branch Parameter Verification & Controls
• Disaster Management / Continuity Of Operations
Awareness aspects for the Branch Level Implementation
Audit & Training Aspects
• Checking Methods Of Branch
• Data Consistency Checks
• Controls over Income Seepage
• Physical Access
• Logical Access
• Connectivity Issues
• ATM operations
• Availability & Adherence of IT Procedural Guidelines
• Aspects Pertaining To Central Office
Awareness aspects for the Branch Level Implementation
Audit & Training Aspects
• ATM On Site / Offsite / On Line / Off Line?
• Guidelines received from Head Office about ATM Operations
• ATM Security Aspects
• ATM Card Maintenance
• ATM Card Pinning Process
• ATM registers to be maintained
• ATM Report Generation, Authentication
THANK YOU
Chobe & Mate Associates
Chartered Accountants
1785, Sadashiv Peth, Phadake Sankul, Khajina Vihir Chowk
Near Pune Vidyarthi Gruha, Pune 411 030
Phone 020-24454721 / 24478627
Mobile CA Abhay Mate 98223 51901