Slide 1ObjectivesA Brief ReviewIT Audit Career Planning and DevelopmentCareer PathIT Audit Career PathKnowledge, Skills and AbilitiesSlide 8Accountancy Entry Path, what skills do you need?Accountancy Entry Path, what skills do you need?Performance AssessmentPerformance Counseling and FeedbackIT Audit TrainingProfessional DevelopmentEvaluating IT Audit QualityBest PracticesBest Practices in IT Audit PlanningSummaryChapter 20 IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best PracticesMBAD 7090Fall, 20081IS Security, Audit, and Control (Dr. Zhao)ObjectivesCareer planning and developmentElements of quality IT auditBest practices for IT auditing Fall, 20082IS Security, Audit, and Control (Dr. Zhao)A Brief ReviewChapters 1-3 provided the history and evolution of this profession.Chapter 4 provided the role and importance of IT auditing in systems development.Chapter 5-17 provided the role and importance of IT auditing in IT organization, applications, and operations.Chapter 18-19 provided information on the impact of the legal environment, security and privacy issues on the IT auditor.Fall, 2008IS Security, Audit, and Control (Dr. Zhao)3IT Audit Career Planning and DevelopmentA career path Definition of knowledge, skills, and abilitiesPerformance assessmentPerformance counseling and feedbackTraining and professional developmentFall, 2008IS Security, Audit, and Control (Dr. Zhao)4Career PathMust be formal and communicated to employeesCareer advancement provides more incentives than a monetary rewardMust be supported by managementChallenge: matching individual career paths with organizational objectivesConsider both short term goals and long term goals.Q: What is your ideal career path?Fall, 2008IS Security, Audit, and Control (Dr. Zhao)5IT Audit Career PathFall, 2008IS Security, Audit, and Control (Dr. Zhao)6Into Managerial Positions in: Operational management Management consulting Accounting or finance Information technology Security Computer forensicsDirector of IT audit or internal auditAudit manager-ITSenior IT auditorIT auditorIT audit traineeKnowledge, Skills and AbilitiesFor each position within the career path, the level of knowledge, skills, and abilities must be defined.Job description or position description must be communicated to employees as well as any future updates or changes.ISACA professional competence standards:The IS auditor should be professionally competent, having the skills and knowledge to conduct the audit assignment.The IS auditor should maintain professional competence through appropriate continuing professional education and training.Fall, 2008IS Security, Audit, and Control (Dr. Zhao)7Environmental Effects on IS/IT Auditors’ response to competency requirementsFall, 2008IS Security, Audit, and Control (Dr. Zhao)8Accountancy Entry Path, what skills do you need?Fall, 2008IS Security, Audit, and Control (Dr. Zhao)9Accountancy Entry Path, what skills do you need?Fall, 2008IS Security, Audit, and Control (Dr. Zhao)10Performance AssessmentMust integrate with organization’s goals and objectives. Must articulate criteria for measurement of performanceMust articulate criteria for level of performanceMust be communicated to employees at all levels as well as updated in a timely mannerFeedback and counseling is importantPerformed on an annual basis at minimumMust be supported by managementFall, 2008IS Security, Audit, and Control (Dr. Zhao)11Performance Counseling and FeedbackFeedback and counseling is importantPerformed on an annual basis at minimumMust be supported by managementFall, 2008IS Security, Audit, and Control (Dr. Zhao)12IT Audit TrainingMust be formalAudit methodology developmentCommunication developmentTechnical developmentMust be integrated with performance counseling and feedbackMust be supported by management (commitment of employee time and resources)Must use internal and/or external resourcesFall, 2008IS Security, Audit, and Control (Dr. Zhao)13Professional DevelopmentInvolvement in professional associations that support the discipline or provide developmental skills Pursuit of professional certifications that enhance the individual’s and organization’s expertiseCPA, CISA, CISM, etc.Others which demonstrate proficiency in vendor technology (CISCO, Microsoft, etc.)Fall, 2008IS Security, Audit, and Control (Dr. Zhao)14Evaluating IT Audit QualityDevelopment of criteria by auditor and auditee and supported by managementThe development of metrics to collect and measure results over time for evaluation purposesImplementing, monitoring and reviewing resultsExample: Exhibit 6, pp. 580Criteria for assessing the auditCriteria for assessing the auditorFall, 2008IS Security, Audit, and Control (Dr. Zhao)15Best PracticesEfficiencyAdd value to client/auditee and organizationAdvancement in technology or methodologyLearn from others’ experiences and practice and improvise for useExternal environment: entertainment, financial, and industrialSize: small vs. largeOrganizational differences: structures, cultures, etc.Fall, 2008IS Security, Audit, and Control (Dr. Zhao)16Best Practices in IT Audit PlanningResearchBenchmarkingPlanning memoBudget coordinationRisk analysisTotal exposureTime since last auditKick-off meeting/lunch meetingsStaff mentoring and coachingUnderstanding requirementsFall, 2008IS Security, Audit, and Control (Dr. Zhao)17Summary IT auditing is both a career and a profession.Career development is an essential component supporting this careerEvaluation of IT audit quality is a process that can assist in answering management’s questions about audit efficiency, effectiveness, and quality.Best Practices is a means for sharing experiences and lessons learned with others in the quest for improving the quality of the audit process.Fall, 2008IS Security, Audit, and Control (Dr.