Tag Archives: IT

Bank’s Change Management Troubles

AuditMonkey has written about the Royal Bank of Scotland’s change management troubles.

Continue reading

Advertisements

5 Comments

Filed under Audit, Technology

Free CISA Prep: Self-Assessment Exam

cisa study guide, tipsIf you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).

The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”

Continue reading

2 Comments

Filed under Audit, Certification, Free, Security

CISA vs. CIA Certification

cisa study guide, tipsIf you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?

Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.

Continue reading

165 Comments

Filed under Audit, Certification, Security, Technology

IT Admin vs. IT Auditor

IT admins and IT auditors often don’t see eye-to-eye, and they don’t usually think their goals are similar.

The IT auditor just has to work a little harder to convince the IT admin of that. I’ve worn both hats, so I know it can be done.

Continue reading

5 Comments

Filed under Audit, Security

New IT Auditor Needs Help!

A new IT auditor needs some help dealing with database patching issues and how far you need to dive into technology during an IT audit.

Take a moment to read his comment and add your thoughts. I’ve put in my 2 cents. Let’s get a good discussion going.

I think any auditor can chime in, as audit scope and audit limitations are not unique to IT audit.

Dinesh’s comment appears in What IT Auditors Ought to Know – and Don’t!

Leave a comment

Filed under Audit, How to..., Security, Technology

Where is the IS in CISA?

cisa study guide, tipsWhy do so many IT auditors who pass the CISA know so little about IS and security–and in my opinion aren’t worth hiring* for that and several other reasons?

Well, I think I figured it out. So what clarified my understanding? I took the CISA exam.

Continue reading

10 Comments

Filed under Audit, Certification, Technology

Conclusion: Audit Server Disappeared

In Case File: Audit Server Disappeared, I noted that a friend of mine learned that  IT had, on its own prerogative, wiped a server belonging to Internal Audit because “it never appeared to be used.”

Some of you already commented on some of the issues involved in this incident and the normal IT activities that should have prevented this incident (or at least alerted IT that something was wrong). Let’s review those comments and I’ll add some other details and comments.

Continue reading

3 Comments

Filed under Audit, Case Files