Control Structures: Auditing


Overview of the topic

In the real world, auditing mechanisms are commonly deployed to help businesses identify potential internal defects and vulnerabilities. For example, in the US, publicly traded companies are governed by integrated audits, which were established by Section 404 of the Sarbanes-Oxley Act of 2002. Moreover, quality audits are required for a company to be certified to international standards such as ISO 9001. Unfortunately, no auditing system has yet been developed and deployed on the Internet to help end users judge the credibility of the services they receive. Therefore, the trust between Internet services and their users can be jeopardized. Effective planning and a well-defined structure are vital for implementing audit policy and for the overall functioning of organizations. IT professionals need to perform their tasks and duties in the best possible manner. Therefore, the issues and aspects related to control structures and auditing will be discussed in detail.

Difference between information systems auditing and information security auditing

There is a difference between information systems auditing and information security auditing, which employees need to understand in order to perform their work. Recently, auditors have begun to scrutinize business process controls to determine the level of adherence of organizations to industry standards and federal laws. The premise is that, although a financial statement audit is important, it provides incomplete information, since software systems can also affect the organization's business processes. IT auditing should therefore cover all aspects of IT practices, with a view to examining the organization in terms of its adherence to industry standards and federal laws. IT auditing should not be confused with financial auditing, even though there may be some overlap in the work of the two groups of auditors. IT auditing provides an examination of computers, databases, and software systems. It is a professional discipline involving several different techniques for independently reviewing IT processes (e.g. software processes), as well as IT applications (e.g. financial records databases) (Hayes, 2003).

Auditors begin by extracting from ISO 9001 the specific information that will later serve as the basis for the auditing process. This basis corresponds to the set of recognized best practices that the organization should implement in order to comply with ISO 9001 requirements. The evidence is a set of facts that objectively confirms how those best practices have been implemented and to what extent they have achieved their objective. The results of comparing the audit basis to the evidence are called observations. For many software organizations, investing in quality improvement by implementing the requirements and guidelines of a quality model or standard can bring many advantages, such as increasing customer satisfaction and enhancing the value of the product among competitors. For a software organization to formally demonstrate that it has implemented the requirements of a specific quality standard such as ISO 9001, it has to show a ...