What are the steps for performing audits on Information Systems?

In summary, the conversation discusses the topic of control, audit, and security of information systems. The individual is researching the information system audit steps but is finding conflicting information and is unsure of what to write. They mention that the list of audit steps can be lengthy and suggest checking websites of big consultancies and standards like ISO or BSI. They also suggest IBM Redbooks as a source for free downloadable resources on this subject.
  • #1
shivajikobardan
674
54
Homework Statement
confused in what to write
Relevant Equations
none


https://ioesolutions.esign.com.np/n...rol,-Audit-and-Security-of-Information-System

Here are what I have researched but both of these don't cover what are information system audit steps.

Then here is sth that I am not sure of.

https://www.yourarticlelibrary.com/...ess-of-information-system-audit-4-steps/10494
Here is another thing. The thing is I am finding different different things for same thing. I am confused what should I write? I don't have good teacher so can't ask to teacher as well.
 
Physics news on Phys.org
  • #2
The answer depends partly on who executes the audit. In general, the list is long, very long. Have you checked the websites of the big consultancies, e.g. PWC?

Other public sources are standards like ISO or BSI.
 
  • Like
Likes berkeman and shivajikobardan
  • #3
IBM Redbooks has copious pdf resources on these subjects, available for free download.

Here's a broad spectrum example:

sg24-7472-00_x2.jpg


http://www.redbooks.ibm.com/abstracts/sg247472.html?Open
 

FAQ: What are the steps for performing audits on Information Systems?

What is the purpose of auditing Information Systems?

The purpose of auditing Information Systems is to evaluate the effectiveness, efficiency, and security of the system. It involves reviewing and testing the system's controls, processes, and data to ensure that they are in compliance with industry standards and regulations.

What are the steps involved in performing an audit on Information Systems?

The steps for performing an audit on Information Systems typically include planning, data collection, testing, analysis, and reporting. The planning phase involves understanding the system and identifying the areas to be audited. Data collection involves gathering information about the system's controls and processes. Testing involves performing various tests to evaluate the effectiveness of the controls. Analysis involves reviewing the results of the tests and identifying any issues or areas for improvement. Finally, reporting involves documenting the findings and recommendations for improvement.

What types of controls are typically evaluated during an audit of Information Systems?

During an audit of Information Systems, various types of controls may be evaluated, including physical controls (e.g. access controls, security cameras), logical controls (e.g. passwords, firewalls), and administrative controls (e.g. policies, procedures). These controls help to ensure the confidentiality, integrity, and availability of the system and its data.

How often should audits be performed on Information Systems?

The frequency of audits on Information Systems may vary depending on the organization's size, industry, and regulatory requirements. However, it is generally recommended to perform audits at least once a year, or more frequently if there have been significant changes to the system or its processes.

Who is responsible for conducting audits on Information Systems?

Audits on Information Systems can be conducted by internal or external auditors. Internal auditors are typically employees of the organization and are responsible for evaluating the system's controls and processes. External auditors are independent professionals hired by the organization to provide an objective assessment of the system. In some cases, both internal and external auditors may work together to perform a comprehensive audit.

Similar threads

Comp Sci 1 example of information system in real life?
Replies
8
Views
1K
Comp Sci Why should we plan Information Systems?
Replies
5
Views
1K
Comp Sci Difference between fully integrated vs loosely integrated enterprise-:
Replies
2
Views
2K
Comp Sci Intelligent agent doubt-information systems
Replies
1
Views
907
Comp Sci Not getting anything in this subject Information system-:
Replies
6
Views
1K
Comp Sci Why is distributed computing/system important/necessary for big data?
Replies
1
Views
1K
Comp Sci What Is Dovetailing Technique in Turing Machines?
Replies
7
Views
2K
Comp Sci I want to use POP commands using cmd
Replies
2
Views
797
Comp Sci Please give me an example of how any indexing works in big data search
Replies
16
Views
2K
Comp Sci How Comprehensive Should an Undergraduate Explanation of MPLS Be?
Replies
1
Views
784

Hot Threads

Recent Insights

Back
Top