Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

As been IS Auditor did we responsible to implementation process?

user-image
Question ajoutée par Zafar Ayub , Manager IT , IMGC Global
Date de publication: 2015/05/08
Umar Matloob
par Umar Matloob , Assistant Director, IT Audit , State Bank of Pakistan

Being IS Auditor, we are not responsible for implementation of any Information System that will become part of our Audit Universe. We may however, proactively carry out a pre implementation review to identify any gaps or risks before the actual implementation and facilitate the implementing department by adding value to their product thru our expertise. However, Risks that our review failed to identify could be treated as a shared responsibility between us and the implementing department/unit. Ultimately, the implementing department/unit and the respective business owner department(s)/unit(s) are responsible for a successful implementation.

 

Regards,

Umar

Mohammad Altarawneh
par Mohammad Altarawneh , VP- Head of Center of Excellence , Jordan Ahli Bank Bank

IS auditor should identify gaps within processes, or incompliance within an existing process. In both cases he/she should set recommendations. The auditor recommendation does not mean implementing the process itself as the owner of the audit finding should agree on acceptable lifecycle of the process which includes minimum controls, and finally the process owner should implement it.

Utilisateur supprimé
par Utilisateur supprimé

No we cannot implement the process because it impairs the independence.Hence IS Auditor can only recommend.

Nishant Kumar
par Nishant Kumar , Principal Consultant , Oracle

No ,It will create a conflict and might impair professional independence of IS Auditor

More Questions Like This