An IS audit aims to establish whether information systems are safeguarding corporate assets, maintaining the integrity of stored and communicated data, supporting corporate objectives effectively, and operating efficiently.
The guidelines led the BFIs to implement an Internal Control framework, based on various standards and its own control requirements. As a result, a BFI’s management needs assurance on the effectiveness of internal controls implemented and expect the IS Audit to provide an independent and objective view of the extent to which the risks are managed.
⚙️The scope of an IS Audit includes:
- Determining effectiveness of planning and oversight of IT activities
- Evaluating adequacy of operating processes and internal controls
- Determining adequacy of enterprise-wide compliance efforts, related to IT policies and internal control procedures and
- Identifying areas with deficient internal controls, recommend corrective action to address deficiencies and follow-up, to ensure that the management effectively implements the required actions
🎯The IS Audit program includes:
- Audit charter, audit policy to include IS Audit
- Planning
- Executing
- Reporting and follow up
- Quality review
⚠️ Two key challenges (personal observations):
- Tailoring audit governance to include IS Audit
- Lack of internal resource to establish IS Audit program and execution