ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

As been IS Auditor did we responsible to implementation process?

user-image
تم إضافة السؤال من قبل Zafar Ayub , Manager IT , IMGC Global
تاريخ النشر: 2015/05/08
Umar Matloob
من قبل Umar Matloob , Assistant Director, IT Audit , State Bank of Pakistan

Being IS Auditor, we are not responsible for implementation of any Information System that will become part of our Audit Universe. We may however, proactively carry out a pre implementation review to identify any gaps or risks before the actual implementation and facilitate the implementing department by adding value to their product thru our expertise. However, Risks that our review failed to identify could be treated as a shared responsibility between us and the implementing department/unit. Ultimately, the implementing department/unit and the respective business owner department(s)/unit(s) are responsible for a successful implementation.

 

Regards,

Umar

Mohammad Altarawneh
من قبل Mohammad Altarawneh , VP- Head of Center of Excellence , Jordan Ahli Bank Bank

IS auditor should identify gaps within processes, or incompliance within an existing process. In both cases he/she should set recommendations. The auditor recommendation does not mean implementing the process itself as the owner of the audit finding should agree on acceptable lifecycle of the process which includes minimum controls, and finally the process owner should implement it.

مستخدم محذوف‎
من قبل مستخدم محذوف‎

No we cannot implement the process because it impairs the independence.Hence IS Auditor can only recommend.

Nishant Kumar
من قبل Nishant Kumar , Principal Consultant , Oracle

No ,It will create a conflict and might impair professional independence of IS Auditor

المزيد من الأسئلة المماثلة