IT AUDIT SERVICES FOR IDENTIFYING TECHNOLOGY AND INFORMATION SECURITY (INFOSEC) RISKS
Synopsis
IT audits play a crucial role in safeguarding organizational assets by identifying and mitigating technology and information security (InfoSec) risks. This chapter provides a comprehensive overview of IT audit services, focusing on their effectiveness in pinpointing vulnerabilities and ensuring robust security measures.
IT audits are essential for maintaining the security and efficiency of an organization's technology infrastructure. This chapter explores the role of IT audit services in identifying and managing technology and information security risks. By examining the principles, methodologies, and tools used in IT audits, the chapter provides a comprehensive understanding of how these services contribute to safeguarding organizational assets.
References
[1] Lawati A Al and Ali S 2015 Business perception to learn the art of Operating System auditing: A case of a local bank of Oman Proceedings of the 8th IEEE GCC Conference and Exhibition
[2] Juiz C and Toomey M 2015 To Govern IT, or Not To Govern IT? Magazine Communications of the ACM 58 pp 58-64
[3] Radovanović D, Radojević T, Lučić D and Šarac M 2010 IT Audit in Accordance with COBIT. Standard The 33rd International Convention MIPRO pp 1137-1141
[4] Lovaas P and Wagner S 2012 IT Audit Challenges for Small and Medium Sized Financial. Institutions Annual Symposium on Information Assurance and Secure Knowledge. Management pp 16-22
[5] Chou D C 2015 Cloud Computing Risk and Audit Issues Computer Standards and Interfaces 42. pp 137-142
[6] Beridze T 2017 Information Technology Audit in Georgia European Scientific Journal 13 pp 72-93
[7] Drljača D and Latinović B 2016 Frameworks for Audit of an Information System in Practice. Journal of Information Technology and Applications 6 pp 78-85
[8] Merhout J W and Havelka D 2008 Information Technology Auditing: A Value-Added IT Governance Partnership between IT Management and Audit Communications of The Association for Information Systems 23 article: 26 pp 464-482
[9] Felley G and Dornberger R 2016 How to Efficiently Conduct an IT Audit – in The Perspektive of Research, Consulting, and Teaching Proceedings of the 10th International Multi-Conference on Society, Cybernetics and Informatics pp 29-33
[10] Mahzan N and Veerankutty F 2011 IT Auditing Activities of Public Sector Auditors in Malaysia African Journal of Business Management 5 pp 1551-1563
[11] Rosário T, Pereira R and da Silva M M 2013 IT Audit Management Architecture and Process Model International Conference on Business Information Systems 157 pp 187-198
[12] Rahman A A B L A, Al-Nemrat A and Preston D S 2014 Sustainability in Information Systems Auditing European Scientific Journal 3 pp 458-472
[13] Matt C, Hess T, and Benlian A 2015 Digital Transformation Strategies”. Business Information System Engineering Business Information System Engineering 57 pp 339-343
[14] Dzuranin A C and Mălăescu I 2016 The Current State and Future Direction of IT Audit: Challenges and Opportunities The Journal of Information Systems 30 pp 7-20
[15] Tjager I N 2013 Corporate Governance Tantangan dan Kesempatan Bagi Komunitas Bisnis Indonesia Publisher: Prehallindo
[16] Institute of Internal Auditors 2013 Global Technology Audit Guide 4 - Management of IT Auditing 2nd Edition. The Institute of Internal Auditors
[17] Cascarino R E 2012 Auditor's Guide to IT Auditing Second Edition Publisher: Wiley Corporate F&A
[18] Fitrawansyah 2014 Fraud & Auditing Publisher: Mitra Wacana Media
[19] Yeghaneh Y H, Zangiabadi M and Firozabadi S M D 2016 Factors Affecting Information Technology Audit Quality Journal of Investment and Management 4 pp196-203
[20] Rosário T, Pereira R and da Silva M M 2012 Formalization of The IT Audit Management Process IEEE 16th International Enterprise Distributed Object Computing Conference Workshops pp 1-10
[21] Li T and Chen L 2015 The IT Audit Objective Research Based on The Information System Success Model under The Big Data Environment International Symposium on Knowledge Acquisition and Modeling, pp.147-150, 2015.
[22] Kim D H, Kim D S, Koh C and Kim H W 2013 An Information System Audit Model for Project Quality Improvement by The Agile Methodology International Journal of Information and Education Technology 3 pp 259-299
[23] Deloitte 2015 The Changing IT Risk Landscape Deloitte Tax & Consulting
[24] Deloitte 2014 Survey of IT Internal Audit Practice in the Luxembourg Financial Sector Deloitte Tax & Consulting
[25] Axelsen M, Green P and Ridley G 2017 Explaining the Information Systems Auditor Role in The Public Sector Financial Audit International Journal of Accounting Information Systems 24 pp 15-31
[26] Kim S L, Teo T S H, Bhattacherjee A and Nam K 2017 IS Auditor Characteristics, Audit Process Variables, and IS Audit Satisfaction: An Empirical Study in South Korea Information Systems Frontiers 19 pp 577-591
[27] Suk P J, Oh Y C, Yoo J G, Shin and Kim J B 2015 A Study on Audit Information Systems
[28] Improved Model based on Public Internal Audit Paradigm Shift Advanced Science and Technology Letters 107 pp 12-15
[29] Majdalawieh M and Zaghloul I 2009 Paradigm Shift in Information Systems Auditing Managerial Auditing Journal 24 pp 352-367
[30] Sayankar V N 2013 A Review on Information Systems Audit Research Journal of Engineering and Technology 4 pp 103-106
[31] https://www.sciencedirect.com/topics/computer-science/audit-process
[32] Stoel, Dale, Douglas Havelka, and Jeffrey W. Merhout. "An analysis of attributes that impact information technology audit quality: A study of IT and financial audit practitioners." International Journal of Accounting Information Systems 13.1 (2012): 60-79.
[33] The Institute of Internal Auditors. About the IIA. https://www.theiia.org/en/about-us/
[34] VMware. Disaster Recovery. https://www.vmware.com/topics/disaster-recovery
[35] Amazon. What is SDLC. https://aws.amazon.com/what-is/sdlc/
[36] Azizi, M., Hakimi, M., Amiri, F., & Shahidzay, A. K. (2024). The Role of IT (Information Technology) Audit in Digital Transformation: Opportunities and Challenges. Open Access Indonesia Journal of Social Sciences, 7(2), 1473-1482.
[37] Gartner, Inc. (2023). Magic Quadrant for CRM Customer Engagement Center. https://www.gartner.com/en/doc/444047
[38] Santos J, Botez C, Rita P. 2020. Big data analytics and digital transformation: an editorial review. Future Generation Computer Systems.111:475-86.
[39] Sayankar RM. 2013. Predictive analytics: The future of business intelligence. In 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom). IEEE. 468-71.
[40] Siponen M, Vance A. 2010.Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly.34(3):487-502.