Page 21 - Auditinf Electronic System
P. 21
No difference exists between IT auditing and general auditing
Phases. IT auditingis typically a subset of the overall audit; the portion that invol
ves computer technology is the subset. It is integrated in every phase and lead to
widening the scope of auditor attention to IT related matters, as Follows:
Phase 1: regarding accepting the audit client:
The auditor Must have It Skilled Staff member to assign to the audit
engagement before accepting the client. Not Just Accounting Skills only.
Professional IT certifications are widely spread and pursued as:
Certified Information Systems Auditor (CISA): from The Information
Systems Audit and Control Association (ISACA) help develop your knowledge for
conducting IT audits
Certified IT Auditor (CIA): The Institute of Internal Auditors (IIA) offers
the CIA certification. This certification helps develop your knowledge for
conducting internal audits.
GIAC Systems and Network Auditor Certification (GSNA): Global
Information Assurance Certification (GIAC) offers the GIAC Systems and Network
Auditor Certification. This certification validates knowledge of risk assessment
techniques, auditing and reporting
Phase 2 regarding audit planning and designing audit approach:
1) understanding client control environment:
Auditor must understand his client Its environment and its related
complications whether:
▪ it`s infrastructure
▪ IT Implication on the client industry as banking sector applying internet
banking.
2) assessment of internal control and control risk assessment:
▪ IT has increased Systems security breaches hence increased internal
control risk
▪ Auditor must Widen the scope of risk assessment procedures, to assess
internal control risk related to It and effectives of IT controls applied to
face this risk.
22
21
جميع الحقوق محفوظة ـ الإعتداء على حق المؤلف بالنسخ أو الطباعة يعرض فاعله للمسائلة القانونية