The Institute of Chartered Accountants of Nepal
Prepared by: CA Mukund Pokharel, CISA
Presented by: CA XXXX
(Best Practice)
CEO / CFO
Statement on Auditing Standards (SAS) No. 70, developed by the American Institute of Certified Public Accountants (AICPA)
The Sarbanes-Oxley Act of 2002, a United States federal law followed by many countries
Information Technology Guidelines 2012, developed by Nepal Rastra Bank
1. Project Management
2. IS Audit Process
3. IS Audit Standards and Guidelines
4. IT Risk Concept, e.g. ISO/IEC 27005 and the ISACA IT Risk Framework
5. IT Governance Standards and Concepts, e.g. ISO/IEC 38500, COBIT and ITIL
6. Information Security Concept
7.
GENERAL INFORMATION SYSTEMS AUDIT
IT GOVERNANCE: IT Governance Audit, Compliance Audit, IT Performance Audit, IT Investment Audit
IT RISK MANAGEMENT: IT Risk Audit
INFORMATION SECURITY: Information Security Audit, Business Continuity Audit
SPECIALIZED AUDITS
Information Technology Governance
Long term IT strategy and Short term IT plans
Information security governance, effectiveness of implementation of security policies and processes
IT Systems Architecture and Infrastructure
Physical and environmental security
Network Management: Network Architecture, Switches, Firewall, IDS, IPS
Servers / Data center operations and processes
Information System Acquisition, Implementation, Development and Maintenance
Operating Systems Controls, Application Systems Controls and Database Controls
Segregation of Duties
Business Continuity Management and Disaster Recovery Plan
IT Operations and Problem Management
IT Financial Control
Asset Management
Record Processes and Control, Media Handling and Disposal, Backup and Storage Media
Technology Licensing
IT outsourcing related controls
Vulnerability Scanning and Penetration Testing
(IT Infrastructure)
(Diagram: Business Strategy, IT Strategy, IT, Business Strategy)
Network Security
Database and Application Security
Protection From Virus
Website Security
Intrusion Detection
Real Time / Continuous
(Compliance Audit)
IT Policies, Procedures, Regulations, Legislation
Compliance Audit
1. Internal Compliance (IT Policies and Procedures)
2. Government / Regulatory Authority / Legislative Compliance
Compliance Audit and Enterprise Risk
(Specialized Audits)
Specialized Audit vs. General IS Audit
Specialized Audit:
Firewall Audit
Database Audit
Cloud Hosting Infrastructure Audit
Real Time Security System Audit
Application System Audit
Substantive Analysis of data using specialized tools like CAATs (Computer-Assisted Audit Techniques)