AUDITORS’ ROLE IN INFORMATION TECHNOLOGY CONTROLS IMPLEMENTATION
‘IT governance nomenclature’ is the term used to describe how those persons
entrusted with governance of an entity will consider IT in their supervision,
monitoring, control and direction of the entity. “How IT is applied within the
entity will have an immense impact on whether the entity will attain its vision,
mission or strategic goals” (Robert S. Roussey, CPA Professor at University of
South California). Auditors have a role to play in ensuring that IT controls are
well implemented for the overall control objective of the organisation.
Such roles as may be ascribed to auditors include:
(a) Serving as specialists in the IT Strategy Committee, to offer advice on
matters pertaining to IT controls;
(b) Auditors should be members of the IT steering committee as key advisors;
(c) Auditors should ascertain the management framework for IT governance,
e.g. COBIT, COSO;
(d) Auditors should get involved in the business plan development. The
strategic alignment need makes this imperative;
(e) Auditors should evaluate IT business processes, ensuring that the
processes fit with the organisation’s culture and structure, and that
risks are managed effectively;
(f) Auditors should contribute to the implementation of IT governance by
facilitating the training and awareness of risk management controls
best practices;
(g) Auditors should develop an inventory of corporate assets and apply risk
assessment and ranking models to identify the technical support
policies and procedures, as well as policies to help users perform more
efficiently and report problems;
(h) Being conversant with the hardware/software configuration, installation,
testing, packaging of management standards, policies and procedures;
(i) Disaster recovery/backup and recovery procedures, to enable continued
processing despite adverse conditions.