A document that outlines the mission and values of the business or organization,
how professionals are supposed to approach problems, the ethical principles based on
the organization's core values and the standards to which the professional will be held.
2. The Code serves as the backbone or foundation of the profession in discharging its
obligation by providing ethical principles and obliging professional accountants to
adhere to the principles
ISACA sets forth this Code of Professional Ethics to guide the professional and
personal conduct of members of the association and/or its certification holders.
1. Integrity
2. Objectivity
4. Confidentiality
5. Professional Behavior.
A professional accountant should comply with the relevant laws and regulations
and should avoid any action that discredits the profession.
Irregular act:
Illegal act:
Irregular and illegal acts can have a negative impact on organizations, in terms of:
i. Financial aspects
*Fraud
(2) induce another to part with some valuable item or surrender a legal right, or
"Offences that are committed against individuals or groups of individuals with a criminal
motive to intentionally harm the reputation of the victim or cause physical or mental harm
to the victim directly or indirectly, using modern telecommunication networks such as
Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)"
Violations of intellectual property rights
IP rights - A right that is had by a person or by a company to have exclusive rights to use
its own plans, ideas, or other intangible assets without the worry of competition, at least
for a specific period of time.
IT auditors are NOT responsible for preventing and detecting illegal or irregular acts in an
organization
The management and Board of Directors of the organization are responsible. They must:
adopt a preventative approach for identifying, analyzing and managing the risk
of illegal and irregular acts that could prevent the organization from
achieving its business objectives or strategies.
have detective procedures in place to increase their ability to detect and uncover
occurrences of illegal and irregular acts.
Designed response controls are to take corrective action and to correct the illegal
and irregular acts.
According to ISACA's IS Audit and Assurance Guideline 2207 Irregularity and Illegal Acts:
2.3.3 Professionals are NOT responsible for the prevention or detection of irregularities or
illegal acts. An audit engagement cannot guarantee that irregularities will be detected.
Even when the audit is planned and performed appropriately, irregularities could go
undetected. The aim (of an audit engagement) is to determine whether the control is in place,
adequate, effective and complied with.
2.3.5 Professionals should inform management and those charged with governance
when they have identified situations where a higher level of risk exists for a potential
irregularity or illegal act, even if none is detected.
Perform limited additional procedures to determine the effect of the act and
whether additional acts exist
Legal contracts
Computer crime
Privacy Issues
a) Legal Contracts
Lease – a contract between a landlord and a tenant that specifies the terms
under which the tenant has the right to use the landlord's property
Sales contract – an agreement between two parties that details the terms
of a financial transaction and documents the fact that ownership of an
asset has transferred from seller to buyer.
A unilateral contract is a contract in which only one party makes an express promise, or
undertakes a performance without first securing a reciprocal (mutual) agreement from
the other party
Employment Contracts
a written legal document that lays out binding terms and conditions of an
employment relationship between an employee and an employer.
A legal contract between at least two parties that outlines confidential material,
knowledge, or information that the parties wish to share with one another for
certain purposes, but wish to restrict access to or by third parties
(Source: http://encyclopedia.thefreedictionary.com/Confidentiality+agreement)
b. Specified geography
Prevents employee from working for other companies in connection with the
design or sale of a competitive product.
Monetary remedy may be awarded to company for violation
Computer Crime
j. Denial-of-service attack
Jurisdiction
Internet users remain in physical jurisdictions and are subject to their laws independently
of their presence on the Internet
The laws of the state/nation that apply where the server hosting the
transaction is located, and
The laws of the state/nation which apply to the person or business with
whom the transaction takes place
Intellectual Property
Those property rights which result from physical manifestation of original thought.
Patents
Trademarks
Copyrights
Privacy
The right to be free from secret surveillance and to determine whether, when, how,
and to whom, one's personal or organizational information is to be revealed.
Intrusion
Public Disclosure
When someone publishes hurtful, embarrassing or offensive facts about a person's private
life
False Light
When someone produces false statements about a person or depicts that person in a
false manner
The unauthorized commercial use of a person's name or image without his knowledge or
approval.
It is critical that the organization implements an effective privacy program that includes:
a) A privacy statement
IIA released Global Technology Audit Guide (GTAG) 5 – Managing and Auditing
Privacy Risks to provide internal auditors and management with insight into privacy
risks that the organization should address when it collects, uses, retains and
discloses personal information
1. Work with legal counsel to determine what privacy legislation and regulations
would be applicable to the organization.
5. Review policies, procedures, and guidelines governing data flows and handling
procedures
7. Review current training practices and materials, and take inventory of the
privacy awareness and training materials available and needed.
8. Perform a gap analysis of data flows and handling procedures against relevant
policies, laws, regulations, and best practices for consistency and compliance
GTAG 5 provides 10 privacy questions internal auditors should ask during a privacy
assessment:
3. Does the organization have privacy policies and procedures with respect to
collection, use, retention, destruction, and disclosure of personal information?
10. Does the organization complete a periodic assessment to ensure that privacy
policies and procedures are being followed?
Reporters:
Jenine M. Cabrera
Danica M. Judit
Lea O. Mesa