|
|
Proposal of a methodology for setting up monitoring activities in organizations
Andris, Peter ; Iva,, Vondrová (referee) ; Sedlák, Petr (advisor)
The main topic of the master thesis is the proposal of a methodology for monitoring activities in organizations at audit company clients. This methodology will comply with regulatory requirements that impact the audit firm. The content of the thesis consists of three parts. In the first part of the thesis there is a theory explaining all the essential parts from the basic . The second part is an analysis where the impact of different institutions on the audit company, controls using IT audit and how they use logs and monitoring are discussed. The final part of the thesis offers a proposal of the methodology and a demonstration of its partial implementation on selected systems. The economic evaluation is also discussed within this section.
|
|
|
SAP ERP security as part of financial audit in a large business environment
Fišer, Marek ; Svatá, Vlasta (advisor) ; Výborný, Vojtěch (referee)
The aim of this diploma thesis is to present the methodology that is used, to test the design and implementation of internal application controls in environment of large companies using ERP systems, especially in the environment of companies using SAP ECC. This methodology is described in the thesis. Practical task which is aimed at verifying the security level of SAP ECC in real business environment is also part of the thesis. The practical part is composed of a detailed description of IT auditors individual steps of the testing procedure, a list of security elements, which are subject to an audit procedures and documents required for verification of the control effectiveness implemented in clients environment. Furthermore, there is a summary and evaluation of the risk level associated with identified deficiencies. Part of the evaluation is a list of recommendations, which the company should apply to increase the efficiency of internal controls and thus achieve the optimal security level of SAP ECC. In the final section of the diploma thesis there is an analysis of the deficiencies elaborated. These deficiencies have been identified during the audit season in 2016 in environment of 20 large companies using this ERP system. Identified findings are classified according to the risk level. Another part of analysis are comprehensive recommendations that IT auditors provide to their clients in order to increase the security level of IT environment, especially in connection with the management and other activities related to financial data.
|
|
|
IT audit as a support for financial audit
GIERTL, Jakub
The diploma thesis deals with the use of IT audit as support for financial audit. The work is divided into two larger parts, theoretical and practical. In the theoretical part, the author describes the audit as such, audit methodology, standards of good practice and information system. The practical part is based on the practical execution of the audit, which begins with the audit plan and ends with the evaluation of testing and possible recommendations for change.
|
|
|
IS audit in financial institutions
Ševčík, Petr ; Svatá, Vlasta (advisor) ; Kalina, Jaroslav (referee)
Concern of this thesis is a topic of an IT audit on financial institutions. These institutions are subject to severe regulations and considering their purpose -- to provide financial services, it has to be maintained unconditional security of both their information system and data. Therefore, financial institutions belong to the group of the most common customers of IT audit services. Opening part is dedicated to the relationship between financial audit and IT audit. Their history is described until present days. Both local and international contemporary legislation is also described. Then the COBIT methodology is introduced as main methodology concerning IT auditing. Finally, conclusions about relationship between financial audit and IT audit are presented. Following part of this thesis introduce essential requirements on financial institutions controls that are specific for this sector. There are several kinds of assurances and audit is only one of them, so the following part is dedicated to the introduction of each kind with description of their specifics. In the last, practical, part the IT audit checklist for financial institutions is worked out.
|
guest ::
