IT Audit Guide Essay




Australian Government
Department of Defence

Information System Audit

January 2012

Table of Contents

1. Introduction to Accreditation

2. The Information System Audit – Checklist

2.1. What is an Information System Audit?
2.2. Why is an Information System Certification needed?
2.3. Assessing an Information System’s Security Risks
2.4. Selecting an Information System’s Security Controls

3. Purpose of the Checklist

4. How to Use the Checklist

4.1. The Checklist Structure
4.2. Security Objectives
4.3. Guidance for IRAP Assessors
4.4. Information ...

© Australian Government 2011

This work is copyright. You may download, display, print and reproduce this material in unaltered form only (retaining this notice) for your personal, non-commercial use or use within your organisation. Apart from any use as permitted under the Copyright Act 1968, all other rights are reserved.

Assessment Details

Agency Name: ________________________________________________
Agency ITSA: ________________________________________________

IRAP Assessor: ______________________________________________

Date of IRAP Audit: ___________________________________________

Introduction to Accreditation

Government Agencies are required under the Protective Security Policy Framework (PSPF) to consider the security of their electronic information systems and to implement safeguards designed to adequately protect these essential systems.

The Defence Signals Directorate regularly issues the Australian Government Information Security Manual (ISM). This manual defines the Australian Government’s information security best practices and is designed to provide assistance with information security to State & Federal Government agencies.

An information security audit is conducted as part of the wider accreditation process. The aim of an information security audit is to review the information system architecture (including the information security documentation), assess the actual implementation and effectiveness of controls for a system and to...
