Written By Guest Blogger Chris.
Hi, fellow CIA candidates. I hope your studies are going well. Mine are progressing very well, and I am doing very well.
I have just finished reading Study Unit 8. It proved to be one of the most challenging topics for me. The topic is on Information Technology. I will have to revisit it in order for me to understand the concepts.
This topic is very important because nearly all organizations are computerized. Internal auditors, including CIA candidates, must have an understanding of the pertinent technology and its implications for risk management, control, and governance.
As I have said before, this topic in my nemesis, but I will persevere until I get an encouraging score. Failure is not an option.
I realize that I must understand aspects of automated information processing like characteristics, processing modes, segregation of duties, and IT personnel responsibilities. I also have to understand types of systems software and databases and database terminology.
An Internal Auditor should be able to classify IT controls and how those controls are applied. One should also understand how an organization can develop its computerized system. The duties of programmers, systems analysts, and end users should be well understood as well.
The information gathered in the computerized system should be secure. It is the duty of the internal auditor to ensure that there is data integrity and that physical and logical controls are in place. Connection to the Internet poses a serious threat to the information of any organization. Thus, the organization-wide security policy should include ways to protect its data. Auditors should also understand ways of having backup facilities in the event that the system crashes. This is to ensure that there is business continuity and no data is lost.
I hope this topic has not been as challenging for you as it has been for me.
Until next time, CIAO.