Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
Information technology internal audit departments in South African national government departments
- Authors: Radingoana, Kenny Selume
- Date: 2016
- Subjects: Auditing - Computer programs , Auditing - Data processing , Auditing, Internal , Information technology - Auditing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237300 , uj:24313
- Description: M.Com. (Computer Auditing) , Abstract: Please refer to full text to view abstract
- Full Text:
Professional skills and knowledge requirements of an information systems auditor
- Authors: Modisane, Cameron
- Date: 2015-09-28
- Subjects: Information resources management , Information services industry , Professional employees - Job descriptions , Information technology - Auditing
- Type: Thesis
- Identifier: uj:14173 , http://hdl.handle.net/10210/14616
- Description: M.Com. (Computer Auditing) , Competence in information technology (IT) is crucial for the professional accountants and most importantly, for information systems (IS) auditors currently practising in the execution of IS audits. The increasing dependence of businesses on computerised information systems gives rise to the need for auditors who possess IT knowledge and skills. This study reports the results of a study that investigates the level of IT knowledge and skills required for an IS auditor in the specific context of audit work in South Africa. Results of this study are based on a literature analysis and on data collected from different IS auditor practitioners. The aim of this study is to: (i) examine the IT knowledge and key areas of expertise required from an IS auditor; (ii) determine the educational qualifications required of an IS auditor; and (iii) evaluate the soft skills required from an IS auditor. This research involves a two-stage empirical study. Firstly, the study carried out a literature survey of IT knowledge and skills. Secondly, structured interviews were conducted with a sample of IS audit practitioners. The findings from this study make three main contributions to the field of IS auditing practice and auditing education. Firstly, the study will help in contributing to a theoretical enhancement of the current level of knowledge in the limited existing literature on IS auditors and the type of knowledge and skills that is required from the professionals to perform their duties effectively and add value to the organisation. Secondly, findings from this study are significant to the standards setters regulating the audit profession, academia designing university courses, and audit practitioners evaluating their own IT knowledge. An important contribution of this study is that the findings would initiate discussion, debate and action that would lead to positive changes in the South African IS auditing profession to ensure that IS auditors are on par with the latest technologies around the world.
- Full Text:
The impact of information systems auditor’s training on the quality of an information systems audit
- Authors: Dube, Ishmael
- Date: 2019
- Subjects: Information technology - Auditing , Auditors - Training of
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/421190 , uj:35891
- Description: Abstract: The significance of information technology (IT) audits in organisations is an area that has received increased focus, and it is increasingly necessary to conduct additional research into the IT audit subject area. As a result of increased dependence and spending on IT, it has effectively become a requirement for organisations to increase their level of assurance about these investments and their ability to deliver as expected. IT audits fulfil this role, and are used to examine the effectiveness of controls, security of important systems and business operations to identify weaknesses and find ways that can be used to improve and mitigate the impact of these weaknesses. However, prior research has not measured the impact that training of auditors has on the quality of IT audits. The findings of this study show that organisations play an integral role in the training programs. However, these organisations do not understand their training programs and cannot properly communicate the training requirements to IT auditors. The research findings have also shown that continuous professional development programs are additional tools in enhancing IT auditor knowledge. This research undertaking has found that generally, internal programs are more effective in delivering content to IT auditors and thus more emphasis can be put on them. Overall, this research undertaking strengthens the idea that resources should be committed to improving training programs, as improving training programs eventually leads to efficiency in all matters related to IT audit quality. , M.Com. (Computer Auditing)
- Full Text: