422 33 Powerpoint Slides Chapter 14 Evaluation Audit e Business Chapter 14
aditya-yadav
7/28/2019 422 33 Powerpoint Slides Chapter 14 Evaluation Audit e Business Chapter 14
Oxford University Press 2012. All rights reserved. E-Business
Chapter 14
Evaluation and Audit of e-Business
Learning Objectives
To understand
- the purpose and need of auditing Information Technology and e-business
- the principles and basics of auditing e-business
- various methods and parameters used for auditing e-business
- security and infrastructure audit of e-business
- performing IT audit and action items for the same
Introduction
What is Audit?
- Examination and analysis of the records or processes for the purpose of verification
Why is it needed?
- For the purpose of verification of consistency and for determining whether the system and processes are performing the desired task
Types of Audit?
- Financial, Security, etc.
Why Audit in e-business?
- E-business involves a number of business transactions over the Web
- Financial transactions through payment gateways
- Effective security processes and infrastructure need to be in place in order to ensure all activities run smoothly
Health Indicators of an e-business
Health indicators of an e-business are the indicators that contribute to value creation, customer satisfaction and business financials; and the effectiveness and efficiency of business activities.
Following are some of the indicators:
1. Availability of the system for end users
2. Response time of a system for internal and external customers
3. Accessibility of the system
4. Human factor engineering
Health Indicators of an e-business (Cont.)
5. Customer services
6. Privacy
7. Illegal usage and its analysis
8. Copyright infringement
9. Security indicators
10. Various controls and how they are established
11. Other factors such as infrastructure, connectivity, etc.: these factors also indicate the overall business health.
E-business Audit & documents
E-business auditing involves examination of the overall processes and systems, which include the audit of
- the network
- system behaviour
- infrastructure
- processes
The supplementary documents facilitating auditing include different diagrams and documents, such as
- Network diagrams
- System diagrams
- Staff relationship diagram
- Responsibility diagrams
- Point of exposure analysis
- Infrastructure list and positions
- Material and information flow diagrams
Need for e-business audit and evaluation
E-business audit is necessary for the following key reasons:
- Building customer faith
- Improved safeguarding of assets
- Improved data integrity
- Improved system efficiency
- Improved customer satisfaction
Once the processes are established, they need to be reviewed and improved from time to time, as each new fact comes to light.
Auditing guidelines
Comprised of the recommended course of action needed to perform a quality audit
Should satisfy the following basic criteria:
- Evaluating and prioritizing action items based on the significance of every part of the audit
- Accuracy and reliability of audit findings
- Impartial and non-prejudiced judgement that is not based on outdated or irrelevant data
- Scope and timeliness of the audit
- Clarity, efficiency, and effectiveness of the audit
Major aspects of e-business Audit
The four major aspects of e-business audit are
- Understanding and verifying roles
- Identifying and understanding processes
- Evaluation with reference to benchmark or expected roles, and
- Deriving inputs for enhancement with reference to gaps.
An audit matrix has four parameters:
- Investigation
- Evaluation
- Measurement
- Learning
Indicators of Audit Objectives
Two important indicators of audit objectives:
- Value creation
- Achieving business objective
E-business auditing guidelines can be mapped to 4 heads:
- The General Guidelines and the Framework for Auditing
- The Guidelines for Financial Auditing
- The Guidelines for Performance Auditing
- The Guidelines for Corporate Control
Conducting e-business audit
An e-business audit starts with an analysis of the following aspects:
- General business overview
- The business system and its key components
- IT infrastructure and architecture
- Different processes and standards followed
- Staff and management
- Security devices, policies, architecture, & implementation
- Business alignment of e-initiatives
- Extended organization, service providers, and external devices used
Controls in e-business audit
- Control refers to a system that prevents, detects, and corrects unlawful events.
- Implementation of reliable controls is required to keep things in place, and also to make sure that processes, people, and management are working effectively towards the business goal.
- The controls are not limited to security purposes, but cover the entire system.
- Controls can be classified into preventive controls, detective controls, and corrective controls.
Controls in e-business Audit (Cont.)
Controls cover the entire system, to
- Ensure that appropriate processes are in place
- Ensure that the processes are being followed properly
- Check whether the necessary infrastructure is in place
- Understand the need of enhancement
The purpose of controls is to minimize the losses by prevention of activities causing losses.
An External Auditing System
External auditing system analysis comprises
- Interviews of employees, customers, and managers
- A system study
- Analysis of the results
The steps involved in conducting an audit include
- Steps to obtain clarity about the controls and understanding of the controls
- Assessment tests of the controls
- Tests to detect the irregularities in controls
- Review procedures
Steps involved in an e-business Audit
E-Auditing Parameters
Risks associated with Audit
The most challenging task in the planning phase is to judge the level of risk associated with each segment of the audit.
To decide on the level of risk, one needs to analyse the internal controls:
- Control environment and activities
- Risk assessment, Monitoring
- Information and communication
- Control establishment and personnel
- Use of technologies
Security and Security Risk Assessment Steps with reference to e-business
Tests of Controls: Collecting Auditing Data
The testing of controls offers an insight into their functioning and provides the necessary data.
- Verification of management controls
- Iterative evaluation of controls
Once the management controls are found reliable, the weaknesses of controls at every level are investigated.
This includes verification of controls at the levels of operator, accountant, individual employees, etc.
Audit Programs
The audit program is based on the organization's own reference guide.
The program consists of steps to deduce the efficiency.
The points to be considered while forming an audit program are
- the standards used, and
- the general guidelines followed by an organization
Audit and Testing
An audit needs to analyze the system from various
angles and perspectives, with the help of multiple
controls and a variety of combinations of these
controls.
It includes interviewing employees, testing, and
assessment of documents. Depending on the
complexity of the system, the testing plan for an audit
is decided.
Audit Reporting
Audit reports help organizations identify the gaps and develop guidelines for bridging the gaps observed during audit.
An e-business audit report should cover
- IT functionality report
- IT process auditing report
- Responsibilities and management response
- A document addressing users about the need for correction in processes
Audit Report heads
The report must be organized under relevant heads, such as
- Customer interaction processes
- Information gathering and analysis processes
- Delegation of authority
- Internal reporting, Escalation processes, Financial processes, Contracting processes, etc.
- The controls along with the observation and possible ways of improvement
- Information related to the performance indicators used for auditing
Audit of Performance Indicators
- Performance indicators should be chosen appropriately and should indicate the performance of the system accurately.
- An e-business audit is made up of performance indicators, efficiency indicators, and effectiveness indicators.
- Efficiency indicators are associated with the resources contributing towards the efficiency of business processes.
- Effectiveness indicators provide an insight into the overall effectiveness of business processes.
- Workload indicators indicate the amount of work performed.
E-business Balanced Score-card
E-business Audit Controls and Parameters
E-business is audited for various parameters. The important control heads with reference to audit of e-business are
- Systems development management controls
- E-business transaction management controls
- Security management controls
- Quality assurance management controls
- Input controls
- Operations management controls
- Programming management controls
- Financial management controls
- Supply chain management controls
- Database management controls
Scope of Audit Work
Concurrent Auditing for E-business
- Concurrent auditing is collecting data and evidence from all audit sources.
- Allows the audit trail to be captured and tracked online
- Provides means for tracking and early warning to minimize losses resulting from anomalies
- Helps identify irregularities quickly
- Irregularity propagates quickly across the systems and results in information and material losses
Steps of concurrent auditing
The steps followed for concurrent auditing are
- Perform feasibility study
- Analyze the impact of concurrent auditing
- Analyze and take related technical decisions
- Plan and design
- Implement
- Carry out post-audit cost-benefit analysis
Advantages of Concurrent Auditing
The advantages of concurrent auditing with reference to e-business are
- Alternative to traditional post auditing
- Gives capability to auditors to track processes
- Gives test capability to auditors and information system and business staff
- Can be used for training new users and to give insight into the system and business
Security Audit
Security audit includes audit for physical security, data transmission security, and data storage security, along with security aspects of system administration and application development.
It covers the following aspects:
1. Security of computers, servers, and network devices
2. Availability of hardware
3. Physical measures for information and data security
Security Audit (Cont.)
4. Backup policies
5. Handling of sensitive information
6. Transmission and encryption of important data
7. Server handling and configuration handling
8. Anomaly detections and identifying violations
9. Disaster recovery and business contingency plans
10. System privilege and access control
11. Information and source code handling
12. Testing strategies
13. Security policies to handle viruses, intrusions, and information corruption
Components of an e-business Security Audit
Monitoring
Contingency plan
Recovery and reconciliation
Transaction integrity
Incident monitoring and handling
User authentication
Infrastructure Audit
The purpose is to identify whether the required infrastructure is in place and being used properly and efficiently.
Essential for security as well as efficiency reasons
Includes listing of the available infrastructure, such as
- Hardware assets
- Operating systems along with patches and versions
- Software installed on various machines
- Network analysis (connectivity and requirements)
- Servers, etc.
Infrastructure Audit (Cont.)
Also includes analyses of security and backup systems.
The infrastructure audit deals with
- Checking whether the required infrastructure is in place
- The quality of infrastructure
- Scalability and security aspects of the infrastructure
- Optimal use of infrastructure
- Connectivity and communication
- Processes related to infrastructure