CISA 2007 - IT Audit Process & IT Segregation of Duties
During an IT compliance audit, the IS auditor can identify whether the IS staff are performing any incompatible operations by observing them as they perform their tasks, and can get an overview of the tasks performed by interviewing them. Based on these observations and interviews, the auditor can evaluate the segregation of duties.
Management may not be aware of the detailed functions of each employee in the IS department; therefore, discussion with management would provide only limited information regarding segregation of duties during the course of an IT audit.
An organization chart would not provide details of the functions of the employees. During an audit, testing of user rights would provide information about the rights employees have within the IS systems, but would not provide complete information about the functions they perform.
Related Tags: IT Compliance, IT segregation of duties, IT Audit, cisa, cism