- It is the review and evaluation of the systems, procedures of the computer equipment, its use, efficiency and security, of the organization, so that through the designation of alternative courses a more efficient and secure use of the information is achieved that will serve for proper decision making.
- The establishment and maintenance of security management systems The reduction of the risks inherent in the use of ISs The increase of the trust of internal and external users in the information systems Check compliance with business requirements information, that is, the properties that the information must have to optimize its use by the organization.
GENERAL OBJECTIVES.
- Seek a better cost-benefit ratio for automated or computerized systems designed and implemented Increase the satisfaction of users of computerized systems Ensure greater integrity, confidentiality and reliability of information by recommending safeguards and controls Know the situation current information technology area and the activities and efforts necessary to achieve the proposed objectives. Security of personnel, data, hardware, software and facilities.
OBJECTIVES.
- Participation in the development of new systems. Security evaluation in the IT area. Evaluation of sufficiency in contingency plans. Backups, foresee what will happen if there are failures. Opinion of the use of computing resources. Safeguarding and protection of assets. Control of modifications to existing applications. control of program modifications.
Planning
- Plan the issues to be executed, in such a way as to ensure that a high-quality Audit is carried out and that it is achieved with the economy, efficiency, effectiveness and due promptness. The overall or general plan of the Audit is drawn up, which It must be collected in a document that contains at least: Definition of the topics and tasks to be executed Name of the specialist (s) who will intervene in each of them Expected start and end date of each task (It is considered from the exploration until completion of work).
Supervision
- The essential purpose of supervision is to ensure compliance with the Audit objectives and the reasonable quality of the work. Adequate supervision should ensure that: All members of the Audit group have clearly and satisfactorily understood the plan of
Audit.
- The Audit plan prepared for this purpose is followed and the established procedures are applied, considering the authorized modifications. The working papers contain evidence that correctly supports the points in the final report. The conclusions, details, and details are presented in the final Audit report. and recommendations.
Report
- The Audit report must have a uniform format and be divided into sections to facilitate the reader a quick location of the content of each of them. The Audit report must comply with the following principles: That it be issued by the group leader of the Acting auditors In writing Timely That is complete, accurate, objective and convincing, as well as clear, concise and easy to understand That all that is stated is reflected in the working papers and that they respond to relevant findings with sufficient evidence and competent. Reflecting an independent attitude. Showing qualification according to the evaluation of the Audit results. Quick and adequate distribution.
AUDITOR PROFILE
The characteristics of an auditor constitute the main element within an audit process; The levels of training related to the profile of an auditor are:
- Academic training: they are studies at a technical level, engineering, etc. Complementary training: it is the instruction in the subject obtained throughout their career through conferences, workshops, seminars, forums or courses Empirical training: knowledge resulting from the implementation of audits in different, with or without an academic degree.
COBIT STANDARDS
The Cobit standard (Control Objectives for Information and related Technology) offers a set of "best practices" for the management of information systems in organizations.
Its primary objective is to provide high-level guidance on where to establish internal controls.
The Cobit classifies the business processes related to Information Technology in 4 domains:
- Planning and Organization Procurement and Implementation Delivery and Support Supervision and Evaluation
COBIT is based on 5 levels
- Level 0 - Incomplete process: The process does not exist or does not meet the objectives Level 1 - Executed process Level 2 - Managed process: the process is not only in operation, but is also planned, monitored and adjusted Level 3 - Defined process: the Process, resources, roles and responsibilities are documented and formalized Level 4 - Predictable process: techniques for measuring results and controls have been defined Level 5 - Optimized process: all changes are verified to determine the impact, they have been defined mechanisms for continuous improvement, etc.
Computer-assisted audit
- CAATs are defined as computer and data programs that the auditor uses as audit procedures to process important data in an information system. The use of CAATs provides a means to improve the degree of analysis of information, in order to cover the objectives of the audit reviews, and report the findings with relevance.
MAIN OFFICES
CEA Accountants Consulting Group
- More than 30 years of experience ! Services: Accounting, Audits, Opinions, Consulting, Out Sourcing, Training.
Gutiérrez Rent Accountant accountants
- We are a group of auditors and tax accountants.
AGS public accountants & accountants lawyers
- Professionals specialized in accounting, tax, internal control, auditing and legal services
FOA office
- We are a Mexican firm that provides reliable accounting, tax, payroll, consulting and auditing services.
Kelly Accounting Consultants
- Counseling in Accounting, Auditing, and Compac Systems.
Asesoría y Servicios Consultores, SC tax advisers
- We are a group of professionals committed to providing our society with knowledge in the area of administration, finance, accounting, auditing…
Corporativo Lerín García, SC accountants
- Corporativo Lerín García, SC is a comprehensive consulting firm in accounting, administrative, financial, tax services, audits, costs…
Sbc Consultores office of public accountants
- Tax and accounting advice, general accounting of individuals and legal entities, auditing for tax purposes, special audits.
Zapata Cervantes y Asociados
- Public accountants office. Accounting, finance, auditing. Accounting based on database systems suited to customer needs.
CRM Asesores, SC accountants
- Office of Certified Public Accountants, providing Audit, Advisory, Supervision and Accounting Outsourcing services.
Morgan, Drake & Caballero attorneys
- Accounting services, international tax advice, business appraisers, auditing, strategic consulting.
To complement the content of this presentation, we suggest the following series of videos through which you can learn more about what information systems auditing is: 1. Information systems auditing concept; 2. The information systems auditor; 3. Applications of information systems auditing; 4. Development of an information systems audit: Phases; 5. Audit of information systems. Interviews and questionnaires. (Instructor: Ignacio Gil Pechuán, Polytechnic University of Valencia - UPV)
Download the original file
