Requirements: Reflection Paper: How will your learning in this chapter benefit you in future profession?

AUDITING IN CIS ENVIRONMENT CHAPTER 1 INTRODUCTION ON IS AUDIT Objective 1. Explain the definition of IS Audit. 2. Explain the objective of IS Audit 3.Discuss about understanding computerized environment Introduction The Working Group on Information Systems Security for the Banking and Financial Sector' constituted by Reserve Bank of India enumerated that each Bank in the country should conduct 'Information Systems Audit Policy' of the Bank. Accordingly Information Systems Audit and Security cell prepare Information Systems Audit Policy. The fundamental principle is that risk and controls are continuously evaluated by the owners, where necessary, with the assistant of IS Audit function. The business operations in the Banking and Financial sector have been increasingly dependent on the computerized information systems over the years. It has now become impossible to separate information Technology from the business of the banks. There is a need for focused attention of the issues of the corporate governance of the information systems in computerized environment and the security controls to safeguard information and information systems. The developments in Information Technology haveAUDITING IN CIS ENVIRONMENT Understanding Computerized Environment In this section we explain how a computerized environment changes the way business is initiated, managed and controlled. Information technology helps in the mitigation and better control of business risks, and at the same time brings along technology risks. Computerized information systems have special characteristics, which require different types of controls. Technology risks are controlled by General IS controls and business risks are controlled using Application controls. Even though the controls are different, the objectives of the audit function do not change whether information is maintained in the computerized environment or a manual environment; the tools and techniques are different. The changes in control and audit tools as well as techniques have resulted in new methods of audit. The internal controls are mapped onto the technology. These controls and their mapping need to be understood as also methods to evaluate and test these controls. The auditor must learn new skills to work effectively in a computerized environment These new skills are categorized in three broad areas: First, understanding of computer concepts and system design; Second, understanding the functioning of Accounting Information System (AIS), an ability to identify new risks and understand how the internal controls are mapped on to the computers to manage technology and business risks. Third, knowledge of use of computers in audit. Acquisition of these skills has also opened up new areas of practice for auditors like Information System Audit, Security Consultancy, Web Assurance, etc.AUDITING IN CIS ENVIRONMENT facilities, people, data, technology, system documentation and supplies. This is because hardware can be damaged maliciously, software and data files may be stolen, deleted or altered and supplies of negotiable forms can be used for unauthorized purposes. The IS auditor will be require to review the physical security over the facilities, the security over the systems software and the adequacy of the internal controls. The IT facilities must be protected against all hazards. The hazards can be accidental hazards or intentional hazards. Maintenance of Data Integrity Data integrity includes the safeguarding of the information against unauthorized addition, deletion, modification or alteration. The desired features of the data are described here under: a. Accuracy: Data should be accurate. Inaccurate data may lead to wrong decisions and thereby hindering the business development process. b. Confidentiality: Information should not lose its confidentiality. It should be protected from being read or copied by anyone who is not authorized to do so. c. Completeness: Data should be complete d. Reliability: Data should be reliable because all business decision are taken on the basis of the current database. e. Efficiency: The ratio of the output to the input is known as efficiency. If output is more with the same or less actual input, system efficiency is achieved, or else system is inefficient. If computerization results in the degradation of efficiency, the effort for making the process automated stands defeated. IS auditors are responsible to examine how efficient the application in relation to the users and workload.AUDITING IN CIS ENVIRONMENT a tremendous impact on auditing. Well-planned and structured audit is essential for risk management and monitoring and control Information systems in any organization. Definition of IS Audit An information system (IS) audit or information technology(IT) audit is an examination of the controls within an entity's Information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. Obtained evidence evaluation can ensure whether the organization's information systems safeguard assets, maintains data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives. Audit Objectives Auditing is a systematic and independent examination of information systems environment to ascertain whether the objectives, set out to be achieved, have been met or not. Auditing is also described as a continuous search for compliance. The objective of the IS audit are to identify risks that an organization is exposed to in the computerized environment. IS audit evaluates the adequacy of the security controls and informs the management with suitable conclusions and recommendations. IS audit is an independent M subset of the normal audit exercise. Information systems audit is an ongoing process of evaluating controls; suggest security measures for the purpose of safeguarding assets/resources, maintaining data integrity, improve system effectiveness and system efficiency for the purpose of attaining organization goals. Well-planned and structured audit is essential for risk management and monitoring and control of information systems in any organization. Safeguarding IS assets The Information systems assets of the organization must be protected by a system of internal controls. It includes protection of hardware, software