INFORMATION TECHNOLOGY
ENVIRONMENT:
WHY ARE CONTROLS AND AUDIT
IMPORTANT?
SUBMITTED TO
Professor Marietta M. Doquenia
SUBMITTED BY
Arcalas, Jomarica
Basco, Angela
Caeda, Mitzi Yvonne
Galarido, Mike Christian
Rapinan, Kamille
BSA 4-4 (Group 1)
IT Auditing
IT auditing is the examination and evaluation of an organization's information technology
infrastructure, policies and operations. It was formerly called electronic data processing (EDP),
computer information systems (CIS), and IS auditing. Information technology audits determine
whether IT controls protect corporate assets, ensure data integrity and are aligned with the
business's overall goals. IT auditors examine not only physical security controls, but also overall
business and financial controls that involve information technology systems.
The need for an IT audit function stems from:
- Computers having impacted the ability of auditors to perform the attestation function
- Computers are key resources in the business environment
- Professional associations and organizations recognize the need for IT control and auditability
Because operations at modern companies are increasingly computerized, IT audits are used to
ensure information-related controls and processes are working properly. The primary objectives
of an IT audit include:
- Evaluate the systems and processes in place that secure company data.
- Determine risks to a company's information assets, and help identify methods to minimize those risks.
- Ensure information management processes are in compliance with IT-specific laws, policies and standards.
- Determine inefficiencies in IT systems and associated management.
The breadth and depth of knowledge required to audit IT systems are extensive. For example, IT
auditing involves:
- Application of risk-oriented audit approaches
- Use of computer-assisted audit tools and techniques
- Application of standards
- Understanding of business roles and expectations in the auditing of systems
- Assessment of information security and privacy issues
- Examination and verification of the organization's compliance with any IT-related legal issues
- Evaluation of complex systems development life cycles or new development techniques
- Reporting to management and performing a follow-up review to ensure actions taken at work
The auditing of complex technologies and communications protocols involves the Internet,
intranet, extranet, electronic data interchange, client servers, local and wide area networks, data
communications, telecommunications, wireless technology, integrated voice/data/video systems,
and the software and hardware that support these processes and functions.
Around the world, reports of white-collar crime, information theft, computer fraud, information
abuse, and penetration occurring in major financial institutions, along with other
information/technology control concerns, continue to be heard in the press and on major television
networks. Information assurance-oriented organizations have been warned of the threats and losses
that result from poor controls over IS.
Today, more than ever, organizations are more information dependent and conscious of the
pervasive nature of technology across the business enterprise. The increased connectivity and
availability of systems and open environments have proven to be the lifelines of most business
entities. IT is used more extensively in all areas of commerce around the world. Owing to the rapid
diffusion of computer technologies and the ease of information accessibility, knowledgeable and
well-educated IT auditors are in great demand.
Even today, these types of events are repeated over and over again where organizations dependent
on technology encounter failure and disruption to services and business.
The chief executive officer (CEO) and chief information officer (CIO) want to meet or exceed
their business objectives and attain maximum profitability through an extremely high degree of
availability, fast response time, extreme reliability, and a very high level of security. In order to
meet the changing business conditions and competition, the products for which IT provides
consumer feedback will also be of high quality, rich in information content, and come packaged
with a variety of useful services.
- Flexible Manufacturing permits products to be produced economically in arbitrary lot sizes through modularization of the production process
- Improvement of Just-In-Time (JIT) and Lean Manufacturing, and Total Quality Management (TQM) enable low-cost production
The unpredictability of customer needs and the shortness of product life cycles will cause the mix
of production capabilities and underlying resources required by the organization to change
constantly. Organizations will possess a dynamic network organization synthesizing the best
available design, production, supply and distribution capabilities and resources from enterprises
around the world and linking them and the customers together.
- A multienterprise nature will enable organizations to respond to competitive opportunities quickly and with the requisite scale, while, at the same time, enabling individual network participants' cost and risk to be reduced.
- The network must be highly interconnected so that people, organizations, and machines can communicate at any time, regardless of location.
- Flexibility, because the organization is constantly changing.
- Cost-effective, because low cost is one of the ingredients in the mass-customization strategy.
In order to accomplish this, the organization must have the ability to reach anyone anywhere in
the world with the help of global area networks, various collaborative service platforms and perfect
service.
1. Global Area Networks
   - Wireless Networks (on-premise)
     - Wireless PBXs or LANs
   - Cellular Networks (off-premise)
     - iPad or iPhone
   - Global Satellite Networks
     - Iridium and Personal Communication Networks
2. Various Collaborative Service Platforms
   - Microsoft and Unix
3. Perfect service
   - Speed can be achieved through broadband networking: locally via fast Ethernet, gigabit, and asynchronous transfer mode (ATM) LANs, and over a wide area via switched multimegabit data services (SMDS) and ATM services
   - Reliability through quality hardware/software and proven wired and wireless solutions where possible
In practice, any ordinary computer has come under the jurisdiction of the law, including
cellphones, due to the inter-state nature of most internet communication.