Slide 1ObjectivesA Brief ReviewIT Audit Career Planning and DevelopmentCareer PathIT Audit Career PathKnowledge, Skills and AbilitiesSlide 8Accountancy Entry Path, what skills do you need?Accountancy Entry Path, what skills do you need?Performance AssessmentPerformance Counseling and FeedbackIT Audit TrainingProfessional DevelopmentEvaluating IT Audit QualityBest PracticesBest Practices in IT Audit PlanningSummaryChapter 20 IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best PracticesMBAD 7090Fall, 20081IS Security, Audit, and Control (Dr. Zhao)ObjectivesCareer planning and developmentElements of quality IT auditBest practices for IT auditing Fall, 20082IS Security, Audit, and Control (Dr. Zhao)A Brief ReviewChapters 1-3 provided the history and evolution of this profession.Chapter 4 provided the role and importance of IT auditing in systems development.Chapter 5-17 provided the role and importance of IT auditing in IT organization, applications, and operations.Chapter 18-19 provided information on the impact of the legal environment, security and privacy issues on the IT auditor.Fall, 2008IS Security, Audit, and Control (Dr. Zhao)3IT Audit Career Planning and DevelopmentA career path Definition of knowledge, skills, and abilitiesPerformance assessmentPerformance counseling and feedbackTraining and professional developmentFall, 2008IS Security, Audit, and Control (Dr. Zhao)4Career PathMust be formal and communicated to employeesCareer advancement provides more incentives than a monetary rewardMust be supported by managementChallenge: matching individual career paths with organizational objectivesConsider both short term goals and long term goals.Q: What is your ideal career path?Fall, 2008IS Security, Audit, and Control (Dr. Zhao)5IT Audit Career PathFall, 2008IS Security, Audit, and Control (Dr. Zhao)6Into Managerial Positions in: Operational management Management consulting Accounting or finance Information technology Security Computer forensicsDirector of IT audit or internal auditAudit manager-ITSenior IT auditorIT auditorIT audit traineeKnowledge, Skills and AbilitiesFor each position within the career path, the level of knowledge, skills, and abilities must be defined.Job description or position description must be communicated to employees as well as any future updates or changes.ISACA professional competence standards:The IS auditor should be professionally competent, having the skills and knowledge to conduct the audit assignment.The IS auditor should maintain professional competence through appropriate continuing professional education and training.Fall, 2008IS Security, Audit, and Control (Dr. Zhao)7Environmental Effects on IS/IT Auditors’ response to competency requirementsFall, 2008IS Security, Audit, and Control (Dr. Zhao)8Accountancy Entry Path, what skills do you need?Fall, 2008IS Security, Audit, and Control (Dr. Zhao)9Accountancy Entry Path, what skills do you need?Fall, 2008IS Security, Audit, and Control (Dr. Zhao)10Performance AssessmentMust integrate with organization’s goals and objectives. Must articulate criteria for measurement of performanceMust articulate criteria for level of performanceMust be communicated to employees at all levels as well as updated in a timely mannerFeedback and counseling is importantPerformed on an annual basis at minimumMust be supported by managementFall, 2008IS Security, Audit, and Control (Dr. Zhao)11Performance Counseling and FeedbackFeedback and counseling is importantPerformed on an annual basis at minimumMust be supported by managementFall, 2008IS Security, Audit, and Control (Dr. Zhao)12IT Audit TrainingMust be formalAudit methodology developmentCommunication developmentTechnical developmentMust be integrated with performance counseling and feedbackMust be supported by management (commitment of employee time and resources)Must use internal and/or external resourcesFall, 2008IS Security, Audit, and Control (Dr. Zhao)13Professional DevelopmentInvolvement in professional associations that support the discipline or provide developmental skills Pursuit of professional certifications that enhance the individual’s and organization’s expertiseCPA, CISA, CISM, etc.Others which demonstrate proficiency in vendor technology (CISCO, Microsoft, etc.)Fall, 2008IS Security, Audit, and Control (Dr. Zhao)14Evaluating IT Audit QualityDevelopment of criteria by auditor and auditee and supported by managementThe development of metrics to collect and measure results over time for evaluation purposesImplementing, monitoring and reviewing resultsExample: Exhibit 6, pp. 580Criteria for assessing the auditCriteria for assessing the auditorFall, 2008IS Security, Audit, and Control (Dr. Zhao)15Best PracticesEfficiencyAdd value to client/auditee and organizationAdvancement in technology or methodologyLearn from others’ experiences and practice and improvise for useExternal environment: entertainment, financial, and industrialSize: small vs. largeOrganizational differences: structures, cultures, etc.Fall, 2008IS Security, Audit, and Control (Dr. Zhao)16Best Practices in IT Audit PlanningResearchBenchmarkingPlanning memoBudget coordinationRisk analysisTotal exposureTime since last auditKick-off meeting/lunch meetingsStaff mentoring and coachingUnderstanding requirementsFall, 2008IS Security, Audit, and Control (Dr. Zhao)17Summary IT auditing is both a career and a profession.Career development is an essential component supporting this careerEvaluation of IT audit quality is a process that can assist in answering management’s questions about audit efficiency, effectiveness, and quality.Best Practices is a means for sharing experiences and lessons learned with others in the quest for improving the quality of the audit process.Fall, 2008IS Security, Audit, and Control (Dr.
View Full Document