Welcome to Scribd!

Skip carousel

IT AuditProcess

Uploaded by

Ravi Daga

0% found this document useful (0 votes)

39 views24 pages

Original Title

IT_AuditProcess.ppt

Copyright

Available Formats

PPT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

39 views24 pages

IT AuditProcess

Uploaded by

Ravi Daga

Copyright:

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 24

Search inside document

Information Technology

Audit Process

Business Practices Seminar

Paul Toffenetti, CISA
Internal Audit
29 February 2008
Overview

• What is Internal Audit

• IT Audit Process
• Common IT Audit Observations
• So What Should We Do
• Questions
Authority and Policies
What is Internal Audit?

Internal auditing is an independent, objective

assurance and advisory activity designed to add
value and improve an organization’s operations.
Internal Audit helps organizations accomplish their
objectives by evaluating business risk and controls
and where appropriate, offer recommendations to
improve risk management and governance
processes.
Audit Process

Planning

Follow-up Testing

Reporting
Planning

• Annual Risk Assessment

• Preliminary Audit Plan
• Board of Visitors Approval
• Notification and Request for Information
• Understand Your Risks and Controls
• Opening Conference
Testing

• Security
• Backup & Recovery
• Resource Management
• Web Site
Security Testing
Remote Vulnerability Scans

Servers

If it’s on the network Printers

we scan it!

Routers

Nmap & Nessus

Workstations

Laptops
Security Testing
On-Site, Follow-up Vulnerability Tests

We Test Computers That May Have Security Vulnerabilities!

MSBA CIS Tools & Benchmarks

WinAudit

Workstations Laptops Servers

Backup & Recovery Testing
You Must Have Effective Controls to Backup & Recover

“Critical Data”
Resource Management Testing
Computer Hardware & Software

Procurement through Surplus

Web Site Testing

• University Relations Web Guidelines & Procedures

• Web Development Best Practices
• Content Recommendations
• Templates
• Privacy Statement (Policy 7030)
• Web Server & Application Security
Reporting
Observations

When Unexpected Results are Noted

We Solicit Your Comments

Reporting
Recommendations

We May Recommend Opportunities

To Improve Your Controls

Reporting
Management Action Plans

You Develop Plans, Schedules, and Priorities

To Implement Solutions
Reporting
A Final Report is Sent
to
The Board of Visitors
Follow-Up

• Follow-Up Actions are Based on Your

“Management Action Plan”
• Progress is Monitored
• Some Re-Testing May be Necessary
• Board of Visitors is Updated
• Audit is closed
Common Audit Observations
Weak Security Settings

Windows Operating System

Common Audit Observations

Missing Security Patches

Operating Systems
Applications
Databases
Common Audit Observations

Misconfigured Anti-Malware Tools

Out-of-Date Threat Signatures

Scans Not Scheduled
Common Audit Observations

Inadequate Access Controls

Weak Passwords & File Permissions

Common Audit Observations

Open Communication Ports

The Hacker’s Point of Entry

Common Audit Observations
“The System Administrator’s Dilemma”
Convenience Security

How Much Risk is Senior Management Willing to

Accept?
So What Should We Do?
• Harden Security Settings
• Keep Everything Patched
• Install and Use Anti-Malware Tools
• Enforce Strong Passwords
• Close or Filter Communication Ports
• Test Your Systems
• Support Your System Administrator!
Questions
“Success Redefined”

Information Systems Auditing: The IS Audit Testing Process
From Everand
Information Systems Auditing: The IS Audit Testing Process
Robert E. Davis
Rating: 1 out of 5 stars
1/5 (1)
IT Audit Process
Document24 pages
IT Audit Process
gsarwar0786
100% (2)
Mastering System Center Configuration Manager
From Everand
Mastering System Center Configuration Manager
Vangel Krstevski
No ratings yet
Presentation 1 - Introduction
Document25 pages
Presentation 1 - Introduction
nabila ra
No ratings yet
Network Security Control A Complete Guide - 2019 Edition
From Everand
Network Security Control A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Practical Information Technology Auditing
Document16 pages
Practical Information Technology Auditing
fpokoo_aikins
No ratings yet
Server Security A Complete Guide - 2020 Edition
From Everand
Server Security A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Threat and Vulnerability Management - Ryan Elmer - Frsecure
Document34 pages
Threat and Vulnerability Management - Ryan Elmer - Frsecure
ahmad.nawaz
No ratings yet
Governance, Risk, and Compliance Handbook for Oracle Applications
From Everand
Governance, Risk, and Compliance Handbook for Oracle Applications
Adil R Khan
No ratings yet
3 Lines of Defence - IT Audit
Document29 pages
3 Lines of Defence - IT Audit
Anjali Mahajan
No ratings yet
Network Firewall Inspection A Complete Guide - 2019 Edition
From Everand
Network Firewall Inspection A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
Domain 6 - Security Assessment & Testing
Document20 pages
Domain 6 - Security Assessment & Testing
Louie Mok
No ratings yet
Computer Security Audit A Complete Guide - 2020 Edition
From Everand
Computer Security Audit A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
CNIT 125: Information Security Professional (Cissp Preparation)
Document25 pages
CNIT 125: Information Security Professional (Cissp Preparation)
sandra072353
No ratings yet
Mod - 4 CNS
Document42 pages
Mod - 4 CNS
md istiyak
No ratings yet
Webinar - NXT Audit - April
Document39 pages
Webinar - NXT Audit - April
Sinoj AS
No ratings yet
Thor Teaches Study Guide CISSP Domain 6
Document11 pages
Thor Teaches Study Guide CISSP Domain 6
baby
No ratings yet
02 - C - Amazon Inspector
Document33 pages
02 - C - Amazon Inspector
Srinivasan
No ratings yet
Chapter 7 Auditing in A Computerized Environment
Document7 pages
Chapter 7 Auditing in A Computerized Environment
Aimerose Obedencio
No ratings yet
The Role of IT Audit
Document30 pages
The Role of IT Audit
Trifan_Dumitru
No ratings yet
Monitoring and Auditing
Document31 pages
Monitoring and Auditing
Florence Heart Viñas
No ratings yet
Audit of IT Security 061cab1246c98f6 59791303
Document42 pages
Audit of IT Security 061cab1246c98f6 59791303
PRUTHVI S
No ratings yet
I T: T V D W S: Ntelligence Esting Echniques For Alidating A ATA Arehouse Ystem
Document32 pages
I T: T V D W S: Ntelligence Esting Echniques For Alidating A ATA Arehouse Ystem
manzoor hussain
No ratings yet
Basic Concepts of Software Testing and Objective of Testing
Document35 pages
Basic Concepts of Software Testing and Objective of Testing
H1124Manaswi More
No ratings yet
Chapter XI SIA
Document5 pages
Chapter XI SIA
Alifiyan NF
No ratings yet
Mukundadura Hiruni Sachinthika: Career Objective
Document7 pages
Mukundadura Hiruni Sachinthika: Career Objective
suneth chanaka
No ratings yet
Modern Auditing: Modern Auditing
Document27 pages
Modern Auditing: Modern Auditing
Vincent Bolster
No ratings yet
Chapter 11
Document27 pages
Chapter 11
Farhan Ari
No ratings yet
Data Testing
Document21 pages
Data Testing
Flash Gordon
No ratings yet
Chapter 7 Characteristics of CIS Environment
Document40 pages
Chapter 7 Characteristics of CIS Environment
EISEN BELWIGAN
No ratings yet
Pertemuan 2 - Information System Risk and Control
Document72 pages
Pertemuan 2 - Information System Risk and Control
Rey Ra
No ratings yet
Pertemuan 3 - Sesi 5 Dan 6
Document70 pages
Pertemuan 3 - Sesi 5 Dan 6
Sheila Najla
No ratings yet
Software Quality Assurance: CIS 375 Bruce R. Maxim UM-Dearborn
Document36 pages
Software Quality Assurance: CIS 375 Bruce R. Maxim UM-Dearborn
Sabahat Hussain
No ratings yet
Real World Software Testing
Document289 pages
Real World Software Testing
Kapil Samadhiya
99% (74)
ISAA
Document38 pages
ISAA
rishabh agrawal
No ratings yet
Offline Assessment For SCOM
Document2 pages
Offline Assessment For SCOM
robi89stefan
No ratings yet
ISTQB (Part 1)
Document18 pages
ISTQB (Part 1)
Ahmad Gafar
No ratings yet
CISSP - Domain 6 - Security Assesment and Testing
Document26 pages
CISSP - Domain 6 - Security Assesment and Testing
Jerry Shen
No ratings yet
Istqb
Document49 pages
Istqb
madhumohan
100% (1)
Romney Ais13 PPT 11
Document18 pages
Romney Ais13 PPT 11
SHAFIRA NADYNE PRADIVA 1
No ratings yet
Audit Considerations For Your 11i Implementation: Richard Byrom Oracle Applications Consultant UKOUG November 2004
Document46 pages
Audit Considerations For Your 11i Implementation: Richard Byrom Oracle Applications Consultant UKOUG November 2004
Srinibas Mohanty
No ratings yet
Vulnerability Assessment and Penetration Testing
Document25 pages
Vulnerability Assessment and Penetration Testing
Yonas Mengistu
No ratings yet
Vulnerability Assessment & Penetration Testing (VAPT) Basics & Methodologies
Document17 pages
Vulnerability Assessment & Penetration Testing (VAPT) Basics & Methodologies
Yonas Mengistu
No ratings yet
Accounting Information Systems: Moscove, Simkin & Bagranoff
Document37 pages
Accounting Information Systems: Moscove, Simkin & Bagranoff
Daianna
No ratings yet
Q Pulse Product Brochure
Document6 pages
Q Pulse Product Brochure
popatlilo2
0% (1)
Software Testing and Analysis
Document68 pages
Software Testing and Analysis
chithu_s
No ratings yet
Software Quality Assurance 2021
Document23 pages
Software Quality Assurance 2021
Aqib Asad
No ratings yet
Chapter 7 - Internal Control and Enterprise Risk Management - Student
Document22 pages
Chapter 7 - Internal Control and Enterprise Risk Management - Student
Mark Lawrence Yusi
No ratings yet
Information Security Audit and Features
Document45 pages
Information Security Audit and Features
Aditya
No ratings yet
Audit - Internal Manufacturing Industry
Document30 pages
Audit - Internal Manufacturing Industry
Sinoj AS
No ratings yet
79 Guide To Cybersecurity Framework - Become Cyber Resilient
Document16 pages
79 Guide To Cybersecurity Framework - Become Cyber Resilient
botnet.inbox
No ratings yet
ASI - IT Risk and Controls
Document19 pages
ASI - IT Risk and Controls
Arthia Ruth
No ratings yet
10.2 Using Caatts
Document38 pages
10.2 Using Caatts
Pauline Mercado
No ratings yet
Verification and Validation: CIS 376 Bruce R. Maxim UM-Dearborn
Document40 pages
Verification and Validation: CIS 376 Bruce R. Maxim UM-Dearborn
Anonymous GbXZRpJC
No ratings yet
Information System Auditing: Yu Xiaobing (余小兵) CISA
Document47 pages
Information System Auditing: Yu Xiaobing (余小兵) CISA
Mishaal Akram Shafi
No ratings yet
Software Quality Assurance 2020
Document25 pages
Software Quality Assurance 2020
Aqib Asad
No ratings yet
Software Testing
Document25 pages
Software Testing
Martin Obretenov
No ratings yet
Security Cyber Analyst v3
Document1 page
Security Cyber Analyst v3
lava.sky10
No ratings yet
Host Hardening
Document28 pages
Host Hardening
YonGode
No ratings yet
2017 - Develop A Roadmap For The Implementation of A Global CSV Program
Document74 pages
2017 - Develop A Roadmap For The Implementation of A Global CSV Program
kaka**
No ratings yet
Advanced Herd Health Management, Sanitation and Hygiene
Document28 pages
Advanced Herd Health Management, Sanitation and Hygiene
jane entuna
No ratings yet
Acceptable Use Policy 08 19 13 Tia Hadley
Document2 pages
Acceptable Use Policy 08 19 13 Tia Hadley
api-238178689
No ratings yet
Guidelines For Doing Business in Grenada & OECS
Document14 pages
Guidelines For Doing Business in Grenada & OECS
Charcoals Caribbean Grill
No ratings yet
Capgemini - 2012-06-13 - 2012 Analyst Day - 3 - Michelin - A Better Way Forward
Document12 pages
Capgemini - 2012-06-13 - 2012 Analyst Day - 3 - Michelin - A Better Way Forward
Avanish Verma
No ratings yet
Chemical & Ionic Equilibrium Question Paper
Document7 pages
Chemical & Ionic Equilibrium Question Paper
misostudy
No ratings yet
Vq40de Service Manual
Document257 pages
Vq40de Service Manual
jaumegus
100% (4)
Department of Education: Raiseplus Weekly Plan For Blended Learning
Document3 pages
Department of Education: Raiseplus Weekly Plan For Blended Learning
MARILYN CONSIGNA
No ratings yet
Previews 1633186 Pre
Document11 pages
Previews 1633186 Pre
David Moreno
No ratings yet
ID25bc8b496-2013 Dse English Paper
Document2 pages
ID25bc8b496-2013 Dse English Paper
Simpson Wainui
No ratings yet
This Is A Short Presentation To Explain The Character of Uncle Sam, Made by Ivo Bogoevski
Document7 pages
This Is A Short Presentation To Explain The Character of Uncle Sam, Made by Ivo Bogoevski
Ivo Bogoevski
No ratings yet
Journal of Molecular Liquids
Document11 pages
Journal of Molecular Liquids
Dennys Macas
No ratings yet
SY22-23+Annual+Report Final
Document47 pages
SY22-23+Annual+Report Final
Norus Liza
No ratings yet
Overlay Control Plans
Document1 page
Overlay Control Plans
STS-SPARK GAMING
No ratings yet
Clinical Skills Training
Document12 pages
Clinical Skills Training
Sri Wahyuni Sahir
No ratings yet
Sheetal Patil
Document4 pages
Sheetal Patil
sheetal
No ratings yet
Tec066 6700 PDF
Document2 pages
Tec066 6700 PDF
Exclusivo VIP
No ratings yet
Dist - Propor.danfoss PVG32
Document136 pages
Dist - Propor.danfoss PVG32
Michal Bujara
No ratings yet
MegaMacho Drums BT READ ME
Document14 pages
MegaMacho Drums BT READ ME
MirkoSashaGoggo
No ratings yet
Febrile Neutropenia Guideline
Document8 pages
Febrile Neutropenia Guideline
Aslesa Wangpathi Pagehgiri
No ratings yet
HR Practices in Public Sector Organisations: (A Study On APDDCF LTD.)
Document28 pages
HR Practices in Public Sector Organisations: (A Study On APDDCF LTD.)
prafful
No ratings yet
The One With The Thumb
Document4 pages
The One With The Thumb
noelia20_09
No ratings yet
Kallatam of Kallatar (In Tamil Script Tscii Format)
Document78 pages
Kallatam of Kallatar (In Tamil Script Tscii Format)
rprabhu
No ratings yet
Developpments in OTC Markets
Document80 pages
Developpments in OTC Markets
RexTrade
No ratings yet
Study and Interpretation of The Score
Document10 pages
Study and Interpretation of The Score
DwightPile-Gray
No ratings yet
TB 60 Repair Parts PDF
Document282 pages
TB 60 Repair Parts PDF
vatasa
100% (2)
Parrot Mk6100 Userguide Zone1
Document100 pages
Parrot Mk6100 Userguide Zone1
Maria Martin
No ratings yet
Blackbook 2
Document94 pages
Blackbook 2
yogesh kumbhar
No ratings yet
PM 50 Service Manual
Document60 pages
PM 50 Service Manual
Leoni Anjos
No ratings yet
The New Art of Photographing Nature - Excerpt
Document15 pages
The New Art of Photographing Nature - Excerpt
Crown Publishing Group
No ratings yet
Solutions DPP 2
Document3 pages
Solutions DPP 2
Tech. Videcious
No ratings yet