the-status-of-it-audit-education3432.ppt
Transcript of the-status-of-it-audit-education3432.ppt
7/28/2019 the-status-of-it-audit-education3432.ppt

Sam A. Hicks, PhD
Department of Accounting & Information Systems
Audit track at VA SCAN
Virginia Tech
October 6, 2008
The Status of IT Audit Education

What is Information Systems Audit
What is an Audit
Auditing: Systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
Financial Statement Auditors: Established criteria are Generally Accepted Accounting Principles [GAAP]
Financial Statement Auditors: Must attest to the amounts on the financial statements; they cannot only attest to the system

An audit compares actual to standard: established criteria for IS Audit are COSO, COBIT, Basel II Accord, ITIL, and several ISO standards.
Sarbanes-Oxley requires that management attest to internal control over the accounting system, and auditors audit management's assertions as to internal control.
Again, the standard for internal control is COSO, COBIT, Basel II Accord, ITIL, and several ISO standards.

IS Audit
A specialized audit focusing on the controls of the information systems of the entity.
Most frequently the IS Auditor is a part of the internal audit team. As such, the IS Auditor is an integral part of the
Design and Development of the system: reviews the system analysis and design of the system, the purchase or programming of the system, the installation, and the post-implementation review

IS Audit
Security [Availability, Confidentiality and Integrity] of the system: access, back-up, separation of duties, training of users, documentation of system
Change management
Control of software
Enhance operations with changes
Do the tasks of the IS Auditor matter?

AICPA Top Ten IT Concerns

| Ranking | 2008 | 2007 | 2006 | 2005 | 2004 |
|---|---|---|---|---|---|
| 1 | Information Security Management | Information Security Management | Information Security | Information Security | Information Security |
| 2 | IT Governance | Identity and Access Management | Assurance and Compliance Applications | Electronic Document Management | Spam Technology |
| 3 | Business Continuity Management (BCM) and Disaster Recovery Planning (DRP) | Conforming to Assurance and Compliance Standards | Disaster and Business Continuity Planning | Data Integration | Digital Optimization |

AICPA Top Ten IT Concerns

| Ranking | 2008 | 2007 | 2006 | 2005 | 2004 |
|---|---|---|---|---|---|
| 4 | Privacy Management | Privacy Management | IT Governance | Spam Technology | Database and Application Integration |
| 5 | Business Process Improvement (BPI), Workflow and Process Exception Alerts | Disaster Recovery Planning and Business Continuity Management | Privacy Management | Disaster Recovery | Wireless Technologies |
| 6 | Identity and Access Management | IT Governance | Digital Identity and Authentication Technologies | Collaboration and Messaging Applications | Disaster Recovery |
| 7 | Conforming to Assurance and Compliance Standards | Securing and Controlling Information Distribution | Wireless Technologies | Wireless Technologies | Data Mining |

AICPA Top Ten IT Concerns

| Ranking | 2008 | 2007 | 2006 | 2005 | 2004 |
|---|---|---|---|---|---|
| 8 | Business Intelligence (BI) | Mobile and Remote Computing | Application and Data Integration | Authentication Technologies | Virtual Office |
| 9 | Mobile and Remote Computing | Electronic Archiving and Data Retention | Paperless Digital Technologies | Storage Technologies | Business Exchange Technology |
| 10 | Document, Forms, Content and Knowledge Management | Document, Content and Knowledge Management | Spyware Detection and Removal | Learning and Training Competency | Messaging Applications |

Public Company Accounting Oversight Board (PCAOB)
Auditors who sign reports tend to be financial statement auditors with little knowledge of systems
PCAOB suggests that financial statement auditors have more IT education
Expressed concern of PCAOB Advisory Group

Department of Defense
In May 2006, required about 80,000 professionals in the area of Information Assurance Workforce to acquire one of 13 professional certifications. Certified Information Systems Auditor [CISA] was one of the 13.

Certified Information Systems Auditor [CISA]
Pass the CISA Exam
Have IS Audit experience: 5 years
Abide by Code of Ethics
Continuing Professional Education
Follow IS Auditing Standards issued by ISACA

CISA Exam
200 multiple choice questions
Topics
  The IS Audit Process
  IT Governance
  Systems Life Cycle
  IT Service Delivery and Support [Operations]
  Security
  Business Continuity and Disaster Recovery

Salary Info
Premium of 10 to 15% for certification
CISA, CISSP and CISM were among the highest
Certification Magazine's 2007 Salary Survey report
  CISM came in second at $115,720 -- ISACA reports about 8,000 professionals world-wide have CISM
  CISA came in fifth at $98,740 -- ISACA reports about 55,000 professionals world-wide have CISA

So What
From this kind of information, demand for IS Auditors is strong.
Most of our students have multiple offers
Yet

ISACA Student Members
Website reports that over 800 students have student memberships representing 200 schools
Thus only about 4 per school!

Students Graduating from ACIS

| Students graduating, 12-month period ending June 30 | Goal | 2008 | 2007 | 2006 | 2005 | 2004 |
|---|---|---|---|---|---|---|
| Accounting Option | 90 | 128 | 155 | 132 | 134 | 116 |
| Systems Assurance Option [IS Audit] | 45 | 12 | 11 | 13 | 19 | 20 |
| Systems Development Option | 40 | 5 | 4 | 15 | 13 | 19 |
| Total Graduates | 175 | 145 | 170 | 160 | 166 | 155 |

Control Association (ISACA) model curriculum
General Education and General Business
Three parts
  Accounting
  Systems
  Auditing

ISACA model curriculum
Accounting
  Accounting Principles I
  Accounting Principles II
  Intermediate Accounting I or Management Accounting
  Process Control/Internal Control
  Accounting Information Systems

ISACA model curriculum
Information Systems
  Introduction to Computers
  Computer Programming
  Systems Analysis & Design
  Data Base Management Systems
  Computer-based Communication Networks
  Management of Information Systems

ISACA model curriculum
Auditing
  Internal Auditing I
  Introduction to Information Systems Auditing/CAATs
  Special Topics (e.g., IS Integrity and Confidentiality, Audit Ethics)

IS Audit at Virginia Tech
Undergraduate
General Education: 50 credits
General Business: 33 credits
Accounting: 15 credits
  Intermediate: 6
  Cost: 3
  Tax: 3
  Accounting Systems and Controls: 3

IS Audit at Virginia Tech
Undergraduate
Information Systems: 12 credits
  Information Systems Development
  Database Management Systems
  Networks and Telecommunications in Business
  Personal Computers in Business

IS Audit at Virginia Tech
Undergraduate
Auditing: 9 credits
  Auditing Governance and Professional Ethics
  Financial Statement Auditing
  Information Systems Audit and Control
Electives: 6 credits

What would you Change?

Alternative paths to IS Audit knowledge
Business Information Technology
Computer Science
Computer Engineering

Other Certifications
CFE: Certified Fraud Examiner
CIA: Certified Internal Auditor
CISSP: Certification for Information System Security Professional
CNE: Certified Novell Engineer
CPA: Certified Public Accountant
CRP: Certified Risk Professional
MCSE: Microsoft Certified Systems Engineer
CISA: Certified Information Systems Auditor
CITP: Certified Information Technology Professional [from AICPA]

Additional Certifications
CCM: Certified Cash Manager
CCSA: Certification in Control Self Assessment
CCDA: Cisco Certified Design Associate
CCNA: Cisco Certified Network Administrator
CMA: Certified Management Accountant
CFM: Certified in Financial Management
SAPTA: SAP Technical Auditor
CMC: Certified Management Consultant
CFA: Certified Financial Analyst
CBCP: Certified Business Continuity Professional
CIDA: Certified Investments & Derivatives

Why a certificate?
Connected to a professional group
Documents some level of knowledge
Recognition to you
Parting Words

Advice From CIOs
Get uncomfortable: be willing to admit to errors that you make, take responsibility
Go with your gut: listen, learn, then go with your instinct
Get dirty: be willing to try
Love it or Leave it: life is too short to do what you do not love to do, move on and try something different
CIO January 29, 2008