|
|
The significance of IT controls for statutory audit
Reich, Jan ; Doucek, Petr (advisor) ; Kitto, Zuzana (referee)
Over the last few decades, organizations have become increasingly dependent on information technology for the support of their business processes. IT has brought many benefits to the operations of organizations, as well as new risks. Internal control systems implemented to mitigate business risks thus needed to be extended to include a new group of IT controls. One of the areas of business operations that has been strongly associated with IT since the beginning of its widespread use is accounting. This master's thesis examines the effect of IT controls on financial statements of an organization as well as an audit of these financial statements. Principal aim of this thesis is to identify a set of IT controls relevant for a statutory audit. Emphasis is placed on controls covering the areas of information security, computer operations and change management related to information systems. A secondary aim is an analysis of control weaknesses (their nature and frequency of occurence) noted in the presented set of IT controls in a sample of statutory audits conducted in the last four years. For the most common control weaknesses, risks as well as possible causes are discussed and recommendations for improvement are provided.
|
|
|
Audit informačního systému společnosti Terms a.s.
Eremiáš, Karel ; Svatá, Vlasta (advisor)
Práce shrnuje problematiku auditu informačního systému a tyto poznatky následně využívá při provedení auditu informačního systému v reálné společnosti. Audit je prováděn pomocí metodiky COBIT a respektuje nejen požadavky metodiky kladené na audit ale i speciální požadavky, které stanovila organizace. Práce zároveň ověřuje použitelnost metodiky COBIT při provádění auditu v podmínkách středně velké české společnosti.
|
|
| |
|
|
IS Audit - Theory and Practice
Fišera, Martin ; Svatá, Vlasta (advisor) ; Kalina, Jaroslav (referee)
The thesis covers the issue of IS audit in all its breadth. On the basis that this is a very complex area, it was necessary to divide the work into several logical and subsequent chapters. Quality and audit are the key words for this job. Therefore is them given the whole first chapter that chronologically describes the evolution of these concepts. Interpretation of quality is widely described since the Greece and Rome ancient, through Total Quality Management approach to the current understanding of the normative frameworks issued by ISO. There is the term audit continuously followed in the chapter of the concept of quality, whose development is also described in detail in chronological order starting from the reading public accounts to the current form of IS audit. Especially, we focus on development of the definition of audit and the relationship between the financial audits and IS. The second - last - part of the chapter is devoted to a detailed description of the reasons for the application of IS audit in practice. Because of the large specifications of the IS audit is this characteristic position in practice given the second chapter. This chapter contains not only description of the characteristics but also a brief outline of the issue of outsourcing and CloudComputing in relation to the audit of IS. The third chapter is devoted to a normative base of IS audit. Due to a large number of normative frameworks there are analysed only selected representatives in the chapter. These include the ISO / IEC 20000, COBIT, ITIL and others. They are thoroughly described, evaluated and compared to other possibly relevant for the definition of relations and benefit evaluation. The last chapter deals with design process of IS audit at a conceptual level. The aim is to freely continue on the normative base discussed in the previous chapter and a simple, versatile, easily applicable and adaptable IS audit process regarding defined limits.
|
|
|
Audit and Assessment of IS in banks
Fleischmann, Martin ; Svatá, Vlasta (advisor) ; Sokolovský, Zbyněk (referee) ; Novák, Luděk (referee)
Abstract (english) Objectives The main objective of this work is to design methods and proceadures enhancing effectiveness and efficiency of IT audit in banks with the accent given to their use by the supervisory authorities. Another objective of the work (and an essential starting point at the same time) is a summary and assesment of methods and proceadures developed and implemented into the CNB practice with regard to banking supervision in the area of information systems. Objectives Achievement From the methodological point of view the esential starting point of the work was represented by above mentioned objectives that were used for elaboration of a set of questions. Questions enabled to set up the hypotheses. (Another more particular hypotheses were defined in order to design the particular solutions in chapter 5.) Futhermore, the critical factors (problems) were defined in the process of the questions analyses. Subsequently, the solutions were specified. The solutions confirmed the hypotheses which reflected the achievement of the objectives. Description, categorisation, analyses, screening, modelling, comparative analyses and sample testing were used to achieve the objectives. In particular, the solutions that were elaborated, making use of methods described above, enhance effectiveness and efficiency of IT audit in banks. Moreover, the CNB's proceadures and methods were introduced and assesed within the work. Scientific Contribution The work brings an evidence of correlation between the quality of IT audit in banks and their economical performance. With this regard the work contributes with original conclusions, benchmarks and proceadures that may be used by banks, supervisory authorities and IT auditors. These conclusions are achieved by description, categorisation, analyses, modelling and screening research highlighting the role of the rentability, the productivity, the risks, the inovations and the economical value of information. Furthermore, the IT audit and IT supervision in banks are specified. They are also compared and contrast to the other audit cathegories. The work presents important peaces of evidence regarding the role of IT audit in this context. This is made by description, cathegorisation and analyses. Another contribution represents proceadures and methods developed and implemented (to the large extend by author) in the field od IT banking supervision in the Czech Republic. This delivers valuable outputs for foreign supervision authorities, banks and auditors. The work lead to original solutions of critical factors. These solutions are to use by IT audit and IT supervision (and also in audit work generally). The solutions make use of ceartain atributes of Capability Maturity Model (CMM) and were elaborated in the proces of decsription, cathegorisation, screening research, comparative analyses, hypotheses seting and testing. The solutions enhances acuracy and objectiveness of assesment done by IT auditors. The solutions lead to better comparativeness of audit outputs on both national and international level, give better preconditions for risk assesment and capital adequacy evaluation within BASEL II and enhance the information value of audit ouptuts. The structure (content) of the work reflects the above mentioned articles that give a brief description of the main four parts (chapters) of the work.
|
|
|
Significance of risk analysis during IS audit
Guznar, Jiří ; Svatá, Vlasta (advisor) ; Říhová, Zora (referee)
The essential theme of this thesis is the problems of information systems audit. Main aim is to analyze the position of this audit within the internal audit framework and the significancy of risk analysis for audit. This thesis subsequently identifies the most important international standards and methodics concerning this problem area. In the risk domain it focuses above all on risk specifics in the framework of information systems area and technologies. The main goal of this thesis is to create a guideline for audit process. The theme is elaborated in the way of study of accessible domestic and foreign literature and electronic resources. The outcome of this thesis is the settlement of work up of findings from internal audit area, from informational system audit and from risk analysis and risk management. Main contribution of this thesis is the self-constructed guideline covering the whole process of audit, which is based on evaluation of risks and their analysis. The surveyed area can be assessed as progressively developing with raising importance because of still bigger development in the information technology area.
|
|
|
Audit informačního systému společnosti Terms a.s.
Eremiáš, Karel ; Svatá, Vlasta (advisor) ; Maule, Pavel (referee)
The work summary problems of information systems audit and use these findigs while performing information system audit in a real company. Audit is performed using COBIT methodology and it respects not only requirements set by methodology but even special requirements set by organization. The work is also checking usability of COBIT methodology while performing audit in the conditions of medium size czech company.
|
guest ::
