Page Title

Information Systems have been the new language of business
operations !!!

This Manual helps auditors of Informations Systems (IS) understand the
objectives of IS, clear their roles as IS auditors and effectively plan and
implement the audit of IS.

The Manual was developed considering the standards set forth in Control
Objectives for Information and Related Technology (CoBiT) and other standards
relating to information security management.

The Manual contains the following sections:
     10 – Introduction
     20 – Fundamentals and Standards of IS Auditing
     30 – IT Systems and Infrastructure
     40 – Business and IT Risks
     50 – Controls in IT Environment
     60 – IS Auditing techniques and documentation
     70 – Planning and Conducting and Reporting on IS Audits

In the first section, the manual provides a summary of the objectives of IS
audits and the role the IS auditors take.
Section 20 discusses the standards being used as framework and
guidelines in assessing or reviewing the status of controls in the areas of
information systems and security management
In Section 30, the manual provides discussion on the
elements/components of information systems and infrastructure, e.g.
computer hardware and operating systems, networking and
communication, internet and e-commerce.
Section 40 contains discussions on assessing the risks related to IS and
corresponding effects on business operations
Section 50 analyses the different levels of IS controls and components
under each level
In Section 60, various IS auditing techniques are defined. It includes
discussions on reviewing general IS controls, auditing systems before and
after implementation, testing IS controls including the use of computer
assisted auditing techniques. Finally, the section also includes guidelines
in documenting the IS audit work
Section 70 gives step-by-step guide in carrying out the IS audit, from
planning which is the key aspect of the audit activity and reporting on the
results of the audit work