The Information Systems Audit and Control Association (ISACA) is headquartered in Illinois, USA. It was founded in 1969 as the EDP Auditors Association. It is a not-for-profit, non-commercial organisation with more than 86,000 members in 185 chapters in over 75 countries.
The ISACA China Hong Kong Chapter was established in 1982 and presently has around 4,000 members in HK & Mainland China, volunteers from IT, IT audit and accounting-related fields. ISACA provides quality CPD programmes, seminars & conferences, leading training and professional networking.
It is represented in legislation & public forums, publishes newsletters and research, provides networking, and organises CISA / CISM review courses.
Manulife is to be the most professional financial services organisation in the world, providing strong, reliable, trustworthy and forward-thinking solutions for our clients' most important financial decisions.
What is CISA
CISA is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organisation's information technology and business systems.
More than 75,000 professionals in about 160 countries have earned the Certified Information Systems Auditor (CISA) certification since its inception in 1978. The CISA designation was created for professionals with work experience in information systems auditing, control or security that includes:
The Process of Auditing Information Systems
Governance and Management of IT
Information Systems Acquisition, Development and Implementation
Information Systems Operations, Maintenance and Support
Protection of Information Assets [1]
The CISA enhances technical knowledge, skills and proficiency toward organisational excellence. It supports career advancement through the credential and a professional image. Meanwhile, over 73,000 professionals have gained the CISA designation worldwide.
What is an Auditor and an IS Auditor
Before talking about the IS auditor, I think we should pause to understand what an auditor is first. Many people or bosses think that auditors are a nightmare: they detect what is going wrong in their companies and figure out what they aren't doing well, so the companies need to change and follow a huge set of processes or instructions. Therefore the companies may hide those problems. And sometimes, if a company cannot pass the audit report, its public offering certification will be disqualified, and the loss is so large that it becomes a real nightmare.
We can also take another angle to view auditors: they can be partners who help you avoid risk, figure out possible risks and keep you safe. If some big shareholders have hidden some financial transactions and the problems are later found out and work against the IPO, it is too late for you to correct them. So why not think of auditors as your friend instead of your enemy? They can identify your risks, perform the risk assessment, give advice and recommendations, and support remediation and continuous monitoring as well as follow-up. It is just like a lifeguard, whose main duty is to protect the assets on the beach and the well-being of the swimmers. Same as you, he likes to see and to ensure a peaceful and safe environment.
And why do we also need the IS audit? It collects and evaluates evidence of an organisation's information systems, practices and operations. The evaluation of the evidence obtained determines whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the goals or objectives.
Here are some types of IS audits:
Computer audit for financial audit functions
IT governance, risk assessment, security, controls advisory
Data centre audit
Infrastructure & network audit
Change management audit
System development, application & maintenance audit
Disaster recovery & business continuity planning audit
Regulatory & company policy compliance assurance
Technology related fraud & incident investigation & forensics
Case Sharing of IS Audit
To make it easier for you to follow the cases below, I would like to give you the IS audit process graph.
First, we need to understand and plan what we are going to do: how big the scope is, and how the business processes work. A computer processing environment is a computer processing location that supports a computer hardware and operating system environment. We also look at the controls related to the computer processing environment within which application systems are developed, maintained and operated.
We also need to control the application parts: examining the whole application flow and figuring out the missing processes and functions. Then comes testing the application, and finally they give us some observations and recommendations.
For this part, I have some experience to share with you; my company became a publicly traded company in the US in 2009. We spent around three years passing the SOX audit, and I was involved in the IS audit part. Actually, my headquarters office has a SOX internal audit team; many of the procedures have been established, and we need to get many approvals before some operations. For example, we cannot use a manual backup process; the backup software should achieve SOX compliance. E.g. the backup must be encrypted with at least 128-bit AES encryption, with email notification with text file attachments. We have a standard retention period, and the backup software can generate backup reports, etc. Meanwhile, for the backup media, we must use backup tapes, and the backup tapes need to go offsite. So we need to find a vendor to achieve this; a daily backup report was required by management. If the backup jobs failed, we must write it down in a report and re-run until it is successful. Many daily jobs needed to appear…
Another case: to achieve the computer login compliance of SOX, my company created a global infrastructure system project; we were going to change the computer login system to comply with SOX. As Hong Kong is the Asia Pacific headquarters, we also worked with the China, Taiwan, Singapore and India offices. It cost 2 million US dollars, including Windows server licence upgrades, computer server hardware and internet bandwidth.
After the installation, the project was not yet complete. Stage two began. Previously we didn't have any regulation for creating computer login accounts. Now an account opening form was required, and this form must be signed by the department head, Human Resources manager and IT administrator before creation. Also, for folder permissions and end user accounts, we need to submit a form too, for approval by management. It made things complicated and messy at the beginning; we had many question marks about how to follow those forms. We spent around one year discussing with the US to make it as smooth as today.
Finally my company passed SOX, and we need to keep up all the procedures afterwards.
Challenges of IS Audit
Just like Luke said, the IS auditor is smart, but why can they always ask so many questions and figure out what's wrong with the company? They have done lots of research and discussion before working with you. So it is a hard-working industry; also, if you don't have much experience, you may be fooled by the clients. Therefore the auditor must pay more attention to the work, since they cannot make mistakes.
They need to think globally, with a high level of mobility & flexibility; keep abreast of new technologies & their risk, security and control implications; and have knowledge of up-to-date & relevant guidelines & good practices. They should be tactful & business-minded, with good communication & negotiation skills, and capable of producing good quality reports with practical suggestions for improvement.
Cloud computing is becoming a big challenge for IS auditing. Cloud computing provides flexible, available, resilient and efficient IT services, but it also has certain risks to be considered: reliability of service providers, service level management, compliance, availability, confidentiality, data privacy and ownership of data.
There are many audit models for us to follow and reference, just like SOX compliance. We need to fulfil all the required compliance. However, how can we perform it efficiently? We must believe auditors are good guys; they are our partners, and they help us to make a profit. Just like teammates, through the internal challenge we can gain new ideas and motivation to do better in future. Overall I think IS audit is a good practice for a company to run in a standard and formal way. It builds a good image for the public, and creates confidence for business development.