What began as EDP Audit later came to be known as IS Audit, and
is now known as IT Audit. In the early days of EDP Audit the mission
was to bring management attention and control to the technically
oriented world of data processing. In those days the EDP Auditors
were the management control generalists who understood the basics
of information systems, and the Data Processing Managers were frequently
technicians who, unfortunately, often did not understand the basics
of business management. The primary goal of the EDP Audit pioneers
was to focus senior management attention on the new business risks
inherent in information systems, and to establish appropriate control
measures. Their success is evident in the establishment of positions
dedicated to computer security, quality assurance, and contingency
planning within contemporary information technology functions.

Advances in technology gave the IS Auditors more to be concerned
about: basic management controls were now dependent on the implementation
of specific technical controls, and the computing environment became
much more complex. As technology became more "technical",
IS Auditors became convinced that they should be "technical"
as well, and began the perpetual struggle to keep up with
technology advances. Today's IT Auditors are almost never a one-man
team. Support staff and software specialized for
various audit functions have given rise to the Audit Department
in companies. Technology issues keep changing by the day as more
powerful applications make business processes completely dependent
on these systems. Intellectual Property Rights (IPR) are a case in
point.
Software piracy has moved on from illegally copying and
distributing discs to downloading from the Internet. Auditing software
licensing in an organization was not an easy task even in the days
when license papers were checked against the number of actual
copies of the software running in the organization. Today there
may not be any license papers to cross-check. When software became
available for download from websites on the Internet, auditors
moved on from policies for CD drive and floppy disc access
to writing Internet policies that would prevent employees from downloading
and installing software from websites. Close on its heels came
file-sharing applications. Napster is a wildly popular peer-to-peer
service that allows users to search for and download particular
music tracks stored on the computers of other users. Although Napster
(the free service) was stopped after it lost a copyright legal
battle with the music industry, there has always been P2P software
to fill the void. Aimster, iMesh, Audiogalaxy and now Kazaa have
all risen in popularity, one after the other. Now, not only music,
but just about any file can be shared using these applications.
Software inventory checking needs to become a normal management
practice, using any of the wide range of products available such
as Centennial Discovery or LANAuditor.
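The inventory check described above, reduced to its essentials, is a reconciliation of what an inventory tool reports as installed against the licence register, plus a scan for applications the Internet policy prohibits. The following script is an added example written for this newsletter page; it is not code from the article or from Centennial Discovery or LANAuditor, and every host, product and seat count in it is constructed for illustration. It reports three kinds of findings: products installed on more hosts than there are licensed seats, products with no licence on record, and the peer-to-peer file-sharing clients the article names.

```python
"""Reconcile an installed-software inventory against a licence register.

Added example for the article's software inventory check; not code from
the article or from any inventory product it names. All data below is
constructed for the example.
"""
from collections import Counter

# Constructed sample: what an inventory tool might report, one row per
# (host, product) pair.
INVENTORY = [
    {"host": "ws-001", "product": "OfficeSuite"},
    {"host": "ws-002", "product": "OfficeSuite"},
    {"host": "ws-003", "product": "OfficeSuite"},
    {"host": "ws-001", "product": "ImageEditor"},
    {"host": "ws-004", "product": "Kazaa"},
    {"host": "ws-005", "product": "iMesh"},
    {"host": "ws-005", "product": "ImageEditor"},
    {"host": "ws-006", "product": "CadTool"},
]

# Constructed licence register: product -> number of seats purchased.
LICENSES = {"OfficeSuite": 2, "ImageEditor": 5}

# File-sharing clients named in the article; policy says they must not be
# installed on company machines.
PROHIBITED = {"Napster", "Aimster", "iMesh", "Audiogalaxy", "Kazaa"}


def reconcile(inventory, licenses, prohibited):
    """Return findings as a dict with lists: over_deployed, unlicensed, prohibited.

    over_deployed entries: (product, installed_count, licensed_seats)
    unlicensed entries:    (product, installed_count)
    prohibited entries:    (product, sorted list of hosts)
    """
    installed = Counter(item["product"] for item in inventory)
    findings = {"over_deployed": [], "unlicensed": [], "prohibited": []}
    for product, count in sorted(installed.items()):
        if product in prohibited:
            hosts = sorted(i["host"] for i in inventory if i["product"] == product)
            findings["prohibited"].append((product, hosts))
        elif product not in licenses:
            findings["unlicensed"].append((product, count))
        elif count > licenses[product]:
            findings["over_deployed"].append((product, count, licenses[product]))
    return findings


def unused_seats(inventory, licenses):
    """Licensed seats not in use: a cost finding rather than a compliance one."""
    installed = Counter(item["product"] for item in inventory)
    return {
        product: seats - installed.get(product, 0)
        for product, seats in licenses.items()
        if seats > installed.get(product, 0)
    }


def format_report(findings):
    """Render findings as one line each, suitable for an audit working paper."""
    lines = []
    for product, count, seats in findings["over_deployed"]:
        lines.append(f"OVER-DEPLOYED: {product} on {count} hosts, {seats} seats licensed")
    for product, count in findings["unlicensed"]:
        lines.append(f"UNLICENSED: {product} on {count} hosts, no licence on record")
    for product, hosts in findings["prohibited"]:
        lines.append(f"PROHIBITED: {product} found on {', '.join(hosts)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(reconcile(INVENTORY, LICENSES, PROHIBITED)))
    print("Unused seats:", unused_seats(INVENTORY, LICENSES))
```

In practice the `INVENTORY` list would be replaced by the export of whichever inventory tool the organization uses, and the prohibited set by the application list from its Internet policy; the reconciliation logic itself does not change.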
Various organizations have issued guidelines for IT auditors. Five
recently issued documents are the result of continuing efforts to
define, assess, report on, and improve internal control. They are:
the Information Systems Audit and Control Foundation's COBIT (Control
Objectives for Information and related Technology), the Institute
of Internal Auditors Research Foundation's Systems Auditability
and Control (SAC), the Committee of Sponsoring Organizations of
the Treadway Commission's Internal Control - Integrated Framework
(COSO), and the American Institute of Certified Public Accountants'
Consideration of the Internal Control Structure in a Financial Statement
Audit (SAS 55), as amended by Consideration of Internal Control
in a Financial Statement Audit: An Amendment to SAS 55 (SAS 78).

Comparison of Control Concepts

| | COBIT | SAC | COSO | SASs 55/78 |
|---|---|---|---|---|
| Primary audience | Management, users, information system auditors | Internal auditors | Management | External auditors |
| IC viewed as a | Set of processes including policies, procedures, practices, and organizational structures | Set of processes, subsystems, and people | Process | Process |
| IC objectives (organizational) | Effective & efficient operations; confidentiality, integrity and availability of information; reliable financial reporting; compliance with laws & regulations | Effective & efficient operations; reliable financial reporting; compliance with laws & regulations | Effective & efficient operations; reliable financial reporting; compliance with laws & regulations | Reliable financial reporting; effective & efficient operations; compliance with laws & regulations |
| Components or domains | Domains: planning and organization; acquisition and implementation; delivery and support; monitoring | Components: control environment; manual & automated systems control procedures | Components: control environment; risk management; control activities; information & communication; monitoring | Components: control environment; risk assessment; control activities; information & communication; monitoring |
| Focus | Information technology | Information technology | Overall entity | Financial statement |
| IC effectiveness evaluated | For a period of time | For a period of time | At a point in time | For a period of time |
| Responsibility for IC system | Management | Management | Management | Management |
| Size | 187 pages in four documents | 1193 pages in 12 modules | 353 pages in four volumes | 63 pages in two documents |

COBIT audit guidelines have become a standard in the
industry. Based on analysis of the IT management practices in the
Information Technology Infrastructure Library (ITIL), a UK document,
COBIT classifies IT processes into four domains: (1) planning
and organization, (2) acquisition and implementation, (3) delivery
and support and (4) monitoring. The natural grouping of processes
into domains is often mirrored by responsibility domains in an
organizational structure and follows the management cycle or life
cycle applicable to IT processes in any IT environment. Exhibit 1.0
illustrates the relationship between IT resources and the four IT
process domains and lists 34 IT processes and 7 Information Criteria.
Exhibit 1.0
Certification in IT audit is widely accepted today as an important
qualification for IT auditors. Although a certification does not guarantee
that the auditor will be superior to an auditor who is not certified,
it can be an important criterion when deciding on an auditor for
your organization. Certified Information Systems Auditor (CISA)
is a certification awarded by the Information Systems Audit and
Control Association (ISACA), which was formed in 1969 to meet the
unique, diverse and high-technology needs of the burgeoning IT field.
In an industry in which progress is measured in nanoseconds, ISACA
has moved with agility and speed to bridge the needs of the international
business community and the IT controls profession. The Information
Systems Audit and Control Association is a leading global professional
organisation representing individuals in more than 100 countries.
Certified Information Systems Security Professional (CISSP) is
awarded by the International Information Systems Security Certification
Consortium, Inc. (ISC)2 Inc. was established in mid-1989. This
non-profit organization creates and administers a certification
program for information security professionals and has certified
professionals in 31 countries.
Due to the dynamic nature of information technology, the need arises
to continuously redefine audit, control and security requirements
and processes. Certifications like the above are geared to keep
pace with these IT needs. To meet the needs of management, audit
committees, government regulators, and other constituents, CISAs
are required to remain current with new practices, trends and technology.
This is accomplished through mandatory compliance with the CISA
continuing education policy.
Personal Professional Development
· ISACA professional education activities and meetings
· Non-ISACA professional education activities and meetings
· Self-study courses
· Vendor sales/marketing presentations
Contributions to the Profession
· Teaching/lecturing/presenting
· Publication of articles, monographs and books.
· CISA question development and review
· Passing related professional examinations
· ISACA and Information Systems Audit and Control Foundation
(ISACF) Board/Committee work
· Contributions to the IS audit and control profession
To retain certification, CISSPs too must obtain 120 Continuing
Professional Education (CPE) credits over three years. CPE credits
are earned by performing activities largely related to the information
systems security profession including, but not limited to, the following:
· Educational courses or seminar attendance
· Security conference attendance
· Association chapter membership and meeting attendance
· Vendor presentations
· University/college course completion
· Providing security training
· Publishing security articles or books
· Serving on industry boards
· Self-study
· Volunteer work, including serving on (ISC)2 volunteer committees
IT Audit teams are difficult to build. The skill sets required have
traditionally been hard to find, and hence command a premium. Even companies
with large internal IT audit departments have a hard time keeping
their staff trained on all current and emerging technologies. The
right co-sourcing/outsourcing decision can give an organization
an edge over competitors that goes well beyond cost savings.
Copyright ©1999-2002, Webizus Technologies, All
Rights Reserved.