Embed Size (px)
DESCRIPTION
In this slidecast, Michael Lin provides an overview on the role of information systems (IS) audits, available IS audit-related designations, and the benefits of attaining or hiring individuals with these designations. He also attempts to provide some guidelines on how an IS audit professional should pursue such designations.
Citation preview
INFORMATION SYSTEMS AUDIT-
RELATED DESIGNATIONS
ACC 626: Final Report Slidecast
Delivered by: Michael Lin
Information System (IS) Audit...
Profession traditionally concerned with audit
Increased complexity in IS ingrained in business processes
Old requirements + New complexity = Need for new expertise
...-Related Designations
Expertise:Specialists?Standardization?
In response, professional associations created IS audit-related designations
Overview
Role of IS Audits Overview of IS Audit-Related
Designations Benefits of Certification – For the
Professional Benefits of Certification – For the
Organization Guidelines for the Pursuit of IS Audit-
Related Designations
Role of IS Audits Need to understand role of IS audits in
today’s business environment Role relates to efficiently and effectively
conducting audits in the context of complex IS Some audit types where IS audit is employed:
Audit of Financial StatementsSection 5970 AuditsTrust ServicesInternal Audit
Role of IS Audits (Cont’d)
Audit of Financial StatementsIS traditionally used to record, process, and
summarize transactions for financial statement generation
IS increasingly used for other critical business processes in an integrated manner
Section 5970 AuditsIS utilized for service deliveryIS includes many embedded controls
Role of IS Audits (Cont’d) Trust Services
Security, availability, processing integrity, confidentiality, and privacy
IS clearly important Internal Audit
Not external reporting, delivers value in various ways
IS may be extensively utilized in business processes
i.e. Both internal and external audit may involve IS audit
Overview of IS Audit-Related Designations Extensive number of relevant
designations, with some very specialized differences
To examine:Major designations in disciplineSome classifications of other related
designations
Certified Information Systems Auditor (CISA) Single most relevant designation for IS
audit Flagship designation for ISACA (actual
name), with over more than 85,000 professionals in nearly 160 countries
“...for those who audit, control, monitor and assess an organization’s IT and business systems”
CISA (Cont’d) Five job practice domains
Domain 1—The Process of Auditing Information Systems (14%)
Domain 2—Governance and Management of IT (14%)
Domain 3—Information Systems Acquisition, Development and Implementation (19%)
Domain 4—Information Systems Operations, Maintenance and Support (23%)
Domain 5—Protection of Information Assets (30%)
Certified Information Security Manager (CISM) Second most popular designation
offered by ISACA with 16,000 professionals
“...for individuals who design, build and manage enterprise information security programs”, with a high-level management focus
CISM (Cont’d)
Five job practice domainsDomain 1—Information Security Governance
(23%)Domain 2—Information Risk Management
(22%)Domain 3—Information Security Program
Development (17%)Domain 4—Information Security Program
Management (24%)Domain 5—Incident Management &
Response (14%)
Certified Information Systems Security Professional (CISSP)
Offered by the International Information Systems Security Certification Consortium (ISC)2
For “professionals who develop policies and procedures in information security”
Offers concentrations in Architecture, Engineering, and Management
CISSP (Cont’d) Ten domains of knowledge:
Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk
Management Legal, Regulations, Investigations and Compliance Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security
Other Designations – IS and IT
Designations in IS and IT generally (i.e. not necessarily directly related to audit)
Benefits IS audit professionals through provision of general background knowledge or specific area expertise
Three potential categories:General focus, e.g. I.S.P.Specific organizational focus, e.g. CGEIT, CAPSpecific technical focus, e.g. C|EH, CSFA,
GCIH
Other Designations - Accounting Designations in accounting related to
audit (i.e. non-technical) Benefits IS professionals through audit-
related expertise In Canada:
CACMACGACIA
Benefits of Certification – For the Professional Up to professional to pursue and attain
designations Professional associations offering
certifications have very positive view:Improved career prospects
○ Demonstrate working knowledge and commitment
○ Career differentiator, marketabilityAccess to resources, such as networking
Benefits of Certification – For the Professional (Cont’d)
Another view:Certifications still good way to show interest
or seriousness about careerBut, in many cases:
○ Need certifications to keep jobs○ Competing individuals in job market have
same certifications○ Need certifications just to get past resume
search enginesNo long a source of competitive advantage
Benefits of Certification – For the Organization Organizations can influence professional
pursuit of certifications through hiring, retention, and promotion policies
Professional associations’ positive view:Benefits to professionals extended to
employersEstablish standard of best practicesEnable a broader perspective, including
both business and technology
Benefits of Certification – For the Organization (Cont’d)
The literature agreesIS professionals help align IT with business
prioritiesIT audits generate value for companies
through third-party regular evaluation of information security policies and architecture
Benefits apply to external as well as internal auditExternal auditors: fees and costsInternal and external IS audit are related
Guidelines for the Pursuit of IS Audit-Related Designations
IS audit-related designations provide clear benefits, but has costsFinancial costs, i.e. Fees and materialsNon-financial costs, i.e. Time and dedicationToo many designations may even cause
employers to find the resume unattractive Should not pursue as many
designations as possible Return on investment
Guidelines ... (Cont’d)
Long-term approachMake a career plan and map in
certifications, time, and effort Some specific considerations
General vs. specialized designationsIT or accounting designations
Concluding Remarks – Key Takeaways Continuing trend in IS IS audit-related designations:
are relevant and add value,but becoming necessity rather than
advantage Professionals need to take long-term
career plan-based approach
THANK YOU
QUESTIONS AND COMMENTSARE WELCOME
