1 / 18

Chapter 20 IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best Practices

Chapter 20 IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best Practices. MBAD 7090. Objectives. Career planning and development Elements of quality IT audit Best practices for IT auditing . A Brief Review.

clark
Download Presentation

Chapter 20 IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 20 IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best Practices MBAD 7090 IS Security, Audit, and Control (Dr. Zhao)

  2. Objectives • Career planning and development • Elements of quality IT audit • Best practices for IT auditing IS Security, Audit, and Control (Dr. Zhao)

  3. A Brief Review • Chapters 1-3 provided the history and evolution of this profession. • Chapter 4 provided the role and importance of IT auditing in systems development. • Chapter 5-17 provided the role and importance of IT auditing in IT organization, applications, and operations. • Chapter 18-19 provided information on the impact of the legal environment, security and privacy issues on the IT auditor. IS Security, Audit, and Control (Dr. Zhao)

  4. IT Audit Career Planning and Development • A career path • Definition of knowledge, skills, and abilities • Performance assessment • Performance counseling and feedback • Training and professional development IS Security, Audit, and Control (Dr. Zhao)

  5. Career Path • Must be formal and communicated to employees • Career advancement provides more incentives than a monetary reward • Must be supported by management • Challenge: matching individual career paths with organizational objectives • Consider both short term goals and long term goals. • Q: What is your ideal career path? IS Security, Audit, and Control (Dr. Zhao)

  6. IT Audit Career Path Director of IT audit or internal audit • Into Managerial Positions in: • Operational management • Management consulting • Accounting or finance • Information technology • Security • Computer forensics Audit manager-IT Senior IT auditor IT auditor IT audit trainee IS Security, Audit, and Control (Dr. Zhao)

  7. Knowledge, Skills and Abilities • For each position within the career path, the level of knowledge, skills, and abilities must be defined. • Job description or position description must be communicated to employees as well as any future updates or changes. • ISACA professional competence standards: • The IS auditor should be professionally competent, having the skills and knowledge to conduct the audit assignment. • The IS auditor should maintain professional competence through appropriate continuing professional education and training. IS Security, Audit, and Control (Dr. Zhao)

  8. Environmental Effects on IS/IT Auditors’ response to competency requirements IS Security, Audit, and Control (Dr. Zhao)

  9. Accountancy Entry Path, what skills do you need? IS Security, Audit, and Control (Dr. Zhao)

  10. Accountancy Entry Path, what skills do you need? IS Security, Audit, and Control (Dr. Zhao)

  11. Performance Assessment • Must integrate with organization’s goals and objectives. • Must articulate criteria for measurement of performance • Must articulate criteria for level of performance • Must be communicated to employees at all levels as well as updated in a timely manner • Feedback and counseling is important • Performed on an annual basis at minimum • Must be supported by management IS Security, Audit, and Control (Dr. Zhao)

  12. Performance Counseling and Feedback • Feedback and counseling is important • Performed on an annual basis at minimum • Must be supported by management IS Security, Audit, and Control (Dr. Zhao)

  13. IT Audit Training • Must be formal • Audit methodology development • Communication development • Technical development • Must be integrated with performance counseling and feedback • Must be supported by management (commitment of employee time and resources) • Must use internal and/or external resources IS Security, Audit, and Control (Dr. Zhao)

  14. Professional Development • Involvement in professional associations that support the discipline or provide developmental skills • Pursuit of professional certifications that enhance the individual’s and organization’s expertise • CPA, CISA, CISM, etc. • Others which demonstrate proficiency in vendor technology (CISCO, Microsoft, etc.) IS Security, Audit, and Control (Dr. Zhao)

  15. Evaluating IT Audit Quality • Development of criteria by auditor and auditee and supported by management • The development of metrics to collect and measure results over time for evaluation purposes • Implementing, monitoring and reviewing results • Example: Exhibit 6, pp. 580 • Criteria for assessing the audit • Criteria for assessing the auditor IS Security, Audit, and Control (Dr. Zhao)

  16. Best Practices • Efficiency • Add value to client/auditee and organization • Advancement in technology or methodology • Learn from others’ experiences and practice and improvise for use • External environment: entertainment, financial, and industrial • Size: small vs. large • Organizational differences: structures, cultures, etc. IS Security, Audit, and Control (Dr. Zhao)

  17. Best Practices in IT Audit Planning • Research • Benchmarking • Planning memo • Budget coordination • Risk analysis • Total exposure • Time since last audit • Kick-off meeting/lunch meetings • Staff mentoring and coaching • Understanding requirements IS Security, Audit, and Control (Dr. Zhao)

  18. Summary • IT auditing is both a career and a profession. • Career development is an essential component supporting this career • Evaluation of IT audit quality is a process that can assist in answering management’s questions about audit efficiency, effectiveness, and quality. • Best Practices is a means for sharing experiences and lessons learned with others in the quest for improving the quality of the audit process. IS Security, Audit, and Control (Dr. Zhao)

More Related