Information technology is a critical component of business operations today. Nearly every part of the business relies on technology and networks in order to operate. This means that the IT audit function is important. In this course, Information Systems Auditing: The Big Picture, you'll learn the value of audit from the perspective of either the auditor or the auditee that is subject of the audit. First, you'll discover audit planning and audit evidence. Next, you'll explore audit recommendations. Last, you'll learn about audit reporting and how you can report your findings to management. By the end this course, you’ll have an overview of IS auditing and the ways to be a more effective auditor along with being readily equipped to support an ongoing audit.
Kevin Henry is a passionate mentor and educator in the fields of information security and audit. Mixing experience with knowledge, Kevin delivers effective training programs for companies and individuals worldwide. A frequent speaker at prestigious conferences, Kevin is known for a clear understandable manner of imparting practical information and explaining difficult topics.
Course Overview Hi everyone. My name is Kevin Henry, an IT auditor and security risk consultant and a holder of the Certified Information Systems Auditor certification. Welcome to my course on Overview of Information Systems Audit. This course is a high-level overview on the benefits and components of information systems auditing. This course identifies the phases of IT audit, and how to ensure that an audit provides value to the organization. This course should help you understand the value of audit from the perspective of either the auditor or the auditee that is subject to the audit. I work in outreach as a security evangelist at Team Cymru, and I've been involved in the field of information system security and audit for many years. IT audit is an incredibly important and satisfying role because it allows an organization to take a clear and honest look at itself with a goal of how can you do things better, or more efficiently. Information technology is a critical component of business operations today. Nearly every part of the business relies on technology and networks in order to operate. Through the examination of IT projects, systems, processes, and management, the auditor can assure management on the value and benefits of information technology and the effectiveness of the risk management program. Some of the major topics we'll cover here include audit planning, audit evidence, audit recommendations, and audit reporting. By the end of this course, you'll have an overview of IS audit and the ways to be a more effective auditor, or until you're readily equipped to support an ongoing audit. I hope you'll join me on this journey to learn about the value and benefits of information systems audit and the role you can play in this exciting and rewarding field through this course, at Pluralsight.
Audit Recommendations Audit Recommendations. Audit recommendations are the recommendations made by the auditor based on the findings and the analysis of the audit evidence. Audit recommendations require the expertise of the auditor to be able to provide meaningful, relevant data on how the organization is doing, and how they could do things better. In many cases, the recommendations that will be provided in an audit may actually have come from the staff. The staff that is working on the systems every day, they have suggestions in how things could be better, and those are then heard by the auditor in the performance of the audit. Perhaps through interviews and observation, we get to learn of some ideas of how things could be better, and then we can carry those forward on behalf of the staff. It could be the staff has not known who to go to, or the staff has not been able to bring their ideas forward in a meaningful way. However, now that their idea is included in an audit, it goes right to the audit committee of the board of directors and to the senior management team. This creates a couple of issues, and number one is that it means the audit committee of the board of the directors is now aware of something that could be done better, and, if they are then also made to be aware of something which is possibly a serious flaw, they are now liable if they don't take action. So therefore, encourage the people you're auditing to contribute and provide suggestions, and be willing to then analyze those and see, are those good ideas?