BEST PRACTICES
___________________________________________________________________________
Introduction
BS 7799
CMM - Capability Maturity Model
COBIT – IT Governance Model
CoCo
ITIL (IT Infrastructure Library)
Systrust and Webtrust
HIPAA
SAS 70 – Statement of Auditing Standards for Service Organisations
___________________________________________________________________________
Introduction
Growing business requires computers, networking, video conferencing etc. Consequently, technology has also impacted auditing. Concept of Internal Control has diminished as:
o Through computers, a single person performs functions of multiple persons who were earlier part of the internal control system
o Batch controls have disappeared
Result: Need to develop new standards of Information Systems. Common features of such modes of controls or standards are:
1. Every organization that uses IT uses a set of controls
2. Controls depend on the business objectives, budget, personality, and context of that organization
3. Control objectives should be constant across organizations
4. Each organization could use the same control framework
IS Audit Standards
IS Audit Standards provide audit professionals a clear idea of the minimum level of acceptable performance essential to discharge their responsibilities effectively. Some of the standards by their year of birth are as follows:
o 1994 - COSO, CoCo
o 1996 - HIPAA, COBIT
o 1998 - BS 7799
Standard on Auditing (SA) –
Link to eBook has been given in the Institute study material (ISCA)
• SA 315 – “Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and its Environment”
• SA 330 – “The Auditor’s Responses to Assessed Risks”
Chap 8 | www.iscanotes.com
www.excelnext.in | May 2011
BS 7799
BS 7799 is an International Standard setting out the requirements for an Information