IT RISKS ASSESSMENT IN MANAGEMENT INFORMATION SYSTEMS AUDIT
Supp/2008, pp. 684-693
Author(s):
Mirela GHEORGHE, Ilie TAMAŞ, Delia BĂBEANU
Keywords:
Management information systems audit, IT risks assessment, security risk, availability risk
Abstract:
In the last year, management information systems audit has moved from an approach based on system controls to an approach based on system risks. Contributing to this approach, which aims to prevent certain events, were the failures of the Enron, WorldCom and Parmalat companies. Developing risk-based audit strategies will give a clear view of the efficiency and effectiveness of controls in the audited system. IT risk assessment is the key process in audit mission planning, as it allows the areas of major risk to be identified. The dimensions of risk that the auditor must evaluate at the level of management information systems include IT security risk, IT operational risk, availability risk, performance risk and legislative compliance risk. This research begins with an analysis of the risk categories and proposes a set of procedures for assessing them. Each procedure offers a checklist of specific threats and vulnerabilities and a questionnaire for risk assessment in which every question has an importance rating; this rating is the element that contributes to a quantitative appraisal. The need for this approach results from the fact that ISACA standards, procedures and guidelines do not offer a unique “prescription” for evaluating IT risks.