Unit III Auditing information systems

Introduction
In years recently can be considered as a true technological revolution in depth and impact. Nowadays, the majority of organizations consider that information and its associated technology represent their most important assets.

Introduction /2
The quality control and security requirements that are implemented for others companies's assets are also required for information systems and technology. Management must establish and adequate system of internal controls, and such systems should support business processes and resources properly.

Introduction /3

The planning, control, security and cost reduction involved in information systems are currently essential for organizational strategies.

Introduction / 4
Generally speaking, the current situation of information systems is frequently characterized by a lack of assimilation of new technologies, a bad use of information and technological resources, a general dissatisfaction of users, obsolescent applications, and a lack of planning.

Introduction /5
Applications in the past have not been integrated but designed as partial solutions, and they have been functioning as independent automated or manual islands. Manual processes were difficult to control and expensive to maintain. Eventually there was a lack of standards and methods and a lack of training and general culture

Introduction/6
As a result of current global competition, the organizations have to restructure their operations towards a more competitive and technological environment consequently, they have to take advantage of using information systems and technology that are secure and controlled to hold and improve their market position. This fact should both stimulate students and professionals and increase the awareness of society in

Challenges and strategies for complexity

ECONOMICAL STRATEGY (GLOBAL ECONOMICS) ORGANIZATIONAL STRATEGY

INTEGRATION CHANGE MANAGEMENT

INFORMATION SYSTEM STRATEGY

STRATEGY OF HR

This new environment increases the complexity in all kinds of relations. The complexity of systems and technologies, and the new tendencies mentioned, means an increasing complexity in the exchange of products and services which leads into an increasing complexity in the corporate infrastructure and relations of all kinds. This increased complexity impacts in the general decision making process

General audit concepts

Audit definition. Generally speaking, when it comes to auditing, we speak of a control tool, which involves a methodology to establish criteria so that we can measure the effectiveness, efficiency and possible deviations from the established objectives of a given system.

General audit concepts

Types or functions.
Financial Auditing Production Auditing Human Resources Auditing Environmental Auditing Etc.

Information Systems Auditing

The new developments in information and related technologies have had an enormous impact and influence on the generation of financial statements, administrative systems and procedures and accounting. As soon as data and management procedures are handled by automated systems, information systems auditing comes into place. This includes new

Changes in auditing procedures

Evaluation of automated controls. Evaluation of effective and efficient use of automated systems and resources.

Impact on the scope and procedures of the following main circumstances:

Basic accounting controls in computer programs. Integration of accounting systems through initial data input and databases. Use of computer capacity for decision making. Automatic transaction initiation. Loss of visible audit trails. Use of realtime processing.

Audit perspective for automated systems

Orientation on systems Orientation on data.

Information System Auditing Objectives

Validation of the organizational aspects and administration of the information service function. Validation of the controls of the system development life cycle. Validation of access controls to installations, terminals, libraries, etc. Automation of internal auditing activities. Internal training. Training members of the information service

Information System Audit Plan

Definition of scope and objectives. Analysis and understanding of standard procedures. Evaluation of system and internal controls. Audit procedures and documentation of evidence. Analysis of facts encountered. Formation of opinion over the controls.

Audit techniques/1
Compliance Tests: They verify the correct execution or registration of an operation or process through its repetition or observation. (Test data, logic reviews, and sample of a file). Substantive Tests: They make analytic review of real data, to test its quality, by using certain audit

Audit techniques/2
Interviews (management, staff, operators, users). Observation "on location" of the work environment. Audit guidelines and control objectives (checklists to review controls). Organizational structure, flow charts (of manual and automated operations), file interrelations. System documentation and descriptions

Audit techniques

Use of specific audit software. Statistical sampling. Performing other kinds of specific tests to get evidence.

Autoevaluacin 3
1.- Mencione y explique la relacin de la auditoria informtica con las organizaciones actuales. 2.- Qu aspectos negativos encontramos al realizar una auditoria informtica? 3.- Por qu se dice que la auditoria es una herramienta de control? 4.- Enuncie y explique 2 de los objetivos de la auditoria en informtica. 5.- Con qu termina el plan de auditoria y que finalidad tiene? 6.- Enuncie y explique 2 tcnicas de auditoria

Bibliografa

Piattini M. Auditing Information Systems [e-book]. IGI Global; 2000. Available from: eBook Collection (EBSCOhost), Ipswich, MA. Accessed October 7, 2011.