SlideShare ist ein Scribd-Unternehmen logo

IS and IT Auditor Roles in Today's New Economy

Goutama Bachtiar
Goutama Bachtiar

Capitalized for several guest lecture sessions.

Wirtschaft & Finanzen
1 von 51
IS and IT AUDITOR ROLES IN Today’s New Economy
April 2017 @goudotmobi 2 Image: DeviantArt
THE NEW (DIGITAL) ECONOMY April 2017 3@goudotmobi
What is New Economy? “New industries whereby technology particularly internet and World Wide Web are the driving force behind the economic growth”. Sometimes called “Internet Economy”, “Digital Economy”, or “Web Economy”. April 2017 4@goudotmobi
What is New Economy? (cont’d) “Have started in late 1990s, as high tech tools (support roles), such as the internet”. “Then began penetrating consumer and business fields through consumerization and mass adoption due to mobile devices and affordable data plan with the roles as enabler and driver”. April 2017 5@goudotmobi
More than Only E-Commerce • E-Business (SAP, Oracle, Dynamics) • E-Commerce: E-Retailer, Banner Ad, E-Marketplace (Blibli, Alibaba, Lazada, Zalora) • E-Travel (Traveloka, Tiket) • Crowdfunding (Kickstarter) • Social Media/Network (Facebook, Twitter, Path, Instagram) • Mass Customization Manufacturers: 3D printing, design-your-own clothing, watches, sneakers. April 2017 @goudotmobi 6
More than Only E-Commerce (cont’d) • Car Sharing/Pooling • Transportation-network (Go- JEK, Uber, Grab) • Peer-to-peer lending of money (Zopa, WeLab) • Peer-to-peer property rental (Airbnb) • Online video/music services (Netflix, Spotify, HOOQ) • Online dating services (Match.com, Tinder) • Online advertising (AdWords, AdSense, Facebook Ads) • E-Money, E-Wallet, Virtual and Digital Currency (T-Cash, Flazz, Go-Pay) April 2017 @goudotmobi 7
Important Characteristics • Digitalization and intensive use of Information and Communication Technologies (ICT). • Shifted role from Support into Enabler and Driver. • Transformation of information into commodities. • New ways of organizing work and production. April 2017 @goudotmobi 8
Digital Economy’s Evolution • Steadily evolved since 2000. • A bit shaky start but has been rapidly embraced globally. • In the case of E-Commerce: • Skepticism Early 2000, Internet’s use for business was not so positively responded; It was elsewhere too. • Global Adoption In 2007, as Western countries struggled with economic crisis, other countries rapidly plugging into the bandwagon. • Mobile, Mobile and Mobile Connectivity In 2013 until now, the next billion people are going online worldwide (5 out of 7+ billion) April 2017 @goudotmobi 9
April 2017 @goudotmobi 10
April 2017 @goudotmobi 11
April 2017 @goudotmobi 12
April 2017 @goudotmobi 13
The Fastest Digital Economy April 2017 @goudotmobi 14 Source: Harvard Business Review's Bhaskar Chakravorti
April 2017 @goudotmobi 15
Digital Vulnerability - An Inescapable Aspect April 2017 16 Image courtesy of: City Caucus @goudotmobi Source: Harvard Business Review's Bhaskar Chakravorti
In the Case of Indonesia Economic and Industry Perspectives: • Economic outlook (>4.5%) ~ citing ADB recent stats • In 2050, the 4th largest economy in the world after China, India and the US ~ citing PwC recent study • Stable inflation and interest rate ~ citing ADB recent stats • 5G technology edges closer • US$5.5B investment in telematics (US$500m for cellular phone’s)~ citing IndonesiaInvestments May 2016 • IT spending of US$22+B ~ citing IDC in early 2017 • 80% of budget goes to corporates and enterprises (majority in Banking & Telco) ~ citing IDC in late 2016 17@goudotmobiApril 2017
• 260+ million population • 85+ internet users • 30% saving account owners • 7% credit card subscribers • 55 million Facebookers • 45 million Twitterers • 4 million Kaskusers • 85 million middle class • 5 million middle class growth per year • 3% internet users growth per year • 200 million domestic trips per year Let’s Digging the Numbers Deeper…
@goudotmobi 19April 2017
@goudotmobi 20April 2017
@goudotmobi 21April 2017
@goudotmobi 22April 2017
Reiterating IS and IT Audit • What is? Activities of collecting and evaluating evidence of Information Systems (IS) or Information Technology (IT), practices, and operations within an organization. • Purpose Evaluating system's internal control design and effectiveness. • Objective Safeguarding assets, maintaining data integrity, operating effectively to achieve organization goals and objectives. • Performed In conjunction with financial statement audit, internal audit, or other form of audit. April 2017 @goudotmobi 23
IT Audit In Details • Gathering, Assessing, Evaluating, Validating and Examining an organization's IT Infrastructure, policies, procedures including Comparing and Testing them against the executions/implementations/operations. • The objective is to give assurance whether IT Controls protect corporate assets, ensure data integrity and are aligned with the business overall goals. • Formerly known as Electronic Data Processing (EDP) Audit. April 2017 @goudotmobi 24
IT Audit In Details (cont’d) In a nutshell, to simplify • IT Audit gives assurance that IT systems are adequately protected, provide reliable information to users and properly managed to achieve their intended benefits. Bringing the Objectives forward • Evaluate the systems and processes are in place to secure the organization’s data. • Determine risks (Risk-Based IT Audit) to a company's information assets, and help identify methods to minimize those risks. • Ensure IT management processes are in compliance with IT-specific laws, policies and standards. • Determine inefficiencies in IT systems and associated management. April 2017 @goudotmobi 25
IT vs IT Audit • IS Audit focus on the respective system (especially Business, Accounting and Finance Systems) and particularly within their Application/Software and Data. • IT Audit eyes on IT Infrastructure such as Server, Storage, Network (Router, Switch, Hub), Firewall and other supporting peripherals (UPS, Fire Suppression Systems). April 2017 @goudotmobi 26
Various Types of IT and IS Audit April 2017 @goudotmobi 27 Perform Separate IT/IS audits Perform Integrated audits Perform Technical and IT Operational audits Provide technical assistance to financial audits General Control Examination Application Systems Audit System Under Development Audit Special Topic Audits (Compliance, etc)
What to Audit? April 2017 @goudotmobi 28 Input Processing Output Web Application Security Network Security Application Controls (2nd) Operating System Database General Computer Controls (1st) Physical Security
Auditing General (Computer) Controls April 2017 @goudotmobi 29 IS/IT Strategy IS/IT Policies and Procedures IT/IS Management Practices IT/IS Organizational Structure and Responsibilities Auditing the Management, Planning and Organization of IS/IT
How to Become IT/IS Auditor? Step 1: Complete a Bachelor Degree Program, particularly:  Bachelor of Science (B.S.) in IT (Informatics Engineering, Computer Engineering, Computerized Accounting).  BS in Information Systems.  Bachelor of Arts in Economics majoring in Management or Accounting. Step 2: Gain (Relevant) Working Experience. Step 3: Obtain International Individual Certification (optional) In fact, some of those certifications (such as from ISACA) could be obtained prior to professional experience. April 2017 @goudotmobi 30
International Individual Certifications • CISA (Certified Information Systems Auditor) from ISACA. • CISM (Certified Information Systems Manager) from ISACA. • CISSP (Certified Information Systems Security Professional) from International Information Systems Security Certification Consortium. • ISO 27001 on Information Systems Management Systems (ISMS) Lead Auditor • GSNA: GIAC Systems and Network Auditor from GIAC. • CFE (Certified Fraud Examiner) from ACFE. April 2017 @goudotmobi 31
Common Career Paths April 2017 @goudotmobi 32 Image: PayScale
Compensation Aspect: The US Case April 2017 @goudotmobi 33 Image: PayScale
Compensation Aspect: Indonesia Case April 2017 @goudotmobi 34 Source: Kelly Services
Compensation Aspect: Indonesia Case (cont’d) April 2017 @goudotmobi 35
IS and IT Auditor Parts April 2017 36@goudotmobi
IS and IT Auditor Parts (cont’d) • Deploying Risk-based IS and IT Audit • Leveraging CAAT & other auditing software • Capitalizing frameworks, regulation and standards: • ISACA’s COBIT, Risk IT and ValIT • ISO 20000 on IT Service Management • ISO 27001 on Information Security • ISO 22301 on Business Continuity Management Systems • PMI’s Project Management Body of Knowledge (PMBOK) • IIA COSO • PCI-DSS • Sarbanes-Oxley (SOX) • HIPAA • Peraturan Bank Indonesia and Surat Edaran OJK April 2017 37@goudotmobi
IS and IT Auditor Parts (cont’d) • Always be mindful that auditing involves PUBLIC responsibility that is more important than relationship with CLIENT. • Auditors must express their view on the appropriateness – not just acceptability – of IS and IT principles used or proposed to be used. • Reveal transparency and completeness of opinions, reports and disclosures. April 2017 38@goudotmobi
Must-Have Knowledge 1. Management, Planning, and Organization of IS and IT Commencing Best IS and IT management practices 2. Technical Infrastructure and Operational Practices Understanding hardware, software and networking technologies 3. Protection of Information Assets Mastering information security management 4. Disaster Recovery and Business Continuity Valuing how IS and IT availability are critical to business April 2017 @goudotmobi 39
Must-Have Knowledge (cont’d) 5. Business Application System Development, Acquisition, Implementation, and Maintenance Valuing core area of IS and IT development 6. Business Process Evaluation and Risk Management Linking business expectations and risks to IS and IT development and deployment 7. IS and IT Audit Process Mastering code of ethics, auditing standards, guidelines, audit methodology, techniques and Control Self-Assessment April 2017 @goudotmobi 40
IS/IT Audit Methodology • Manual Assessment  Understanding IT environments and systems  Gathering data and document needed  Assessing and evaluating data and document  Interviewing and discussing with related individuals, functions, divisions and departments  Observing the systems and controls  Validating policies and procedures against the executions  Testing controls against the executions through sampling  Doing on-site visits April 2017 @goudotmobi 41
IS/IT Audit Methodology (cont’d) • Systematic assessment  Performing Security Vulnerability Scans/Assessments (WireShark, Nmap)  Conducting Penetration Test (Nessus)  Rolling out other IT Technical Test  Acquiring and Analyzing Data and File (CAAT such as IDEA and ACL)  Documenting IT/IS Audit Activities and Working Papers (Voyager, AutoAudit, TeamMate) April 2017 @goudotmobi 42
What the Future Holds • IS and IT Auditors play MORE and MORE STRATEGIC roles • Needed than earlier – IT is now BUSINESS DRIVER and more importantly ENABLER. • Paperless or Less Paper Audit Documentation capitalizing Audit Management System (MKInsight, Paisley GRC, TeamMate, etc). • Utilization level of CAAT (Computer-Assisted Auditing Techniques) such as IDEA and ACL getting higher • Functionality Market leader IDEA analyze, manipulate and interrogate huge quantities of data from business platform or systems • Capability Analyze 2,1 billion rows per an unlimited number of sheets while for example Microsoft Excel 2007’s 1,048,576 rows • Integrity Core data cannot be modified once imported April 2017 @goudotmobi 43
What the Future Holds (cont’d) • Adoption of auditing tools such for Vulnerability Assessment and Penetration Testing (Nessus, Nmap). • Still one of fastest-growing professions (20- 30% growth est. for 2018-2030). • Therefore, they shall attain good understanding on Online Business, their cycles and business processes (e-travel, e-commerce, e-money, e- wallet, payment gateway, etc). • New areas to be audited (Social Media, Big Data, Mobile Banking, Smart City). April 2017 @goudotmobi 44
Higher Bargaining Positions •IT plays more strategic role: in tech organizations (driver) and non-tech sectors (enabler and support). •Growing number of IT Budget. •Tons of IT Project and Investments. •Business competition is stiffening. •The world is getting riskier (threats, vulnerabilities keep going). •Driven by professional organization (ISACA and IIA) and regulators. April 2017 45@goudotmobi
Ever Since IT Plays Strategic Role • Number of internet adoption and penetration are rising day in and day out. • IT literacy level throughout individuals and organizations across the globe is increasing. • Organization accommodate it for cost-saving initiative. • Capitalize to reach out more prospects, users, customers, consumers, suppliers, vendors and partners. • Some companies identify and leverage IT as new revenue streams (cost center to profit center). April 2017 46@goudotmobi
Further References Professional Organizations and Associations • Information Systems Audit and Control Association (ISACA) www.isaca.org • The SANS Technology Institute www.sans.org • International Information System Security Certification Consortium (ISC)²: www.isc2.org • The Institute of Internal Auditors www.theiia.org • American Institute of Certified Public Accountants (AICPA) www.aicpa.org April 2017 @goudotmobi 47
Further References (cont’d) Information System • Computer-Assisted Auditing Techniques (CAAT): IDEA, ACL • Audit Management Software: Voyager, MKInsight, TeamMate. Framework • Control Objectives of Business and Information Technology (COBIT) 5 from ISACA • Committee of Sponsoring Organizations of the Treadway Commission (COSO) from IIA • (ISC)² Common Body of Knowledge (CBK) from ISC2 Standard • ISO 27001 Information Security Management Systems (ISMS) April 2017 @goudotmobi 48
April 2017 @goudotmobi 49 Q & A
Reaching Out goutama@gmail.com www.linkedin.com/in/goutama (+62-815) 962 8555 www.slideshare.net/goudotmobi 50 April 2017@goudotmobi Image: imgur
Thank You! Image: HappyJump 51April 2017 @goudotmobi

Empfohlen

Riding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyRiding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information Technology
Goutama Bachtiar
 
Valuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureValuing Information Management and IT Architecture
Valuing Information Management and IT Architecture
Goutama Bachtiar
 
The State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesThe State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and Challenges
Goutama Bachtiar
 
Fraud Analytics - Discussion
Fraud Analytics - DiscussionFraud Analytics - Discussion
Fraud Analytics - Discussion
Aditya Madiraju
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurity
IT Governance Ltd
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
Dr. Muath Asmar
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?
Eryk Budi Pratama
 
Orientation in IT Audit
Orientation in IT AuditOrientation in IT Audit
Orientation in IT Audit
Suman Thapaliya
 

Empfohlen

Riding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyRiding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information Technology
Goutama Bachtiar
 
Valuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureValuing Information Management and IT Architecture
Valuing Information Management and IT Architecture
Goutama Bachtiar
 
The State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesThe State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and Challenges
Goutama Bachtiar
 
Fraud Analytics - Discussion
Fraud Analytics - DiscussionFraud Analytics - Discussion
Fraud Analytics - Discussion
Aditya Madiraju
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurity
IT Governance Ltd
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
Dr. Muath Asmar
 
IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?IT Governance - Governing IT: Do or Die?
IT Governance - Governing IT: Do or Die?
Eryk Budi Pratama
 
Orientation in IT Audit
Orientation in IT AuditOrientation in IT Audit
Orientation in IT Audit
Suman Thapaliya
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
Precisely
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
Rd. R. Agung Trimanda
 
Fintech & Blockchain
Fintech & BlockchainFintech & Blockchain
Fintech & Blockchain
IndSightsResearchSG
 
IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011
Ambrose Ruyooka,PMP,CGEIT, CRISC
 
Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
IT Governance Ltd
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
IT Governance Ltd
 
8 reasons you need a strategy for managing information...before it's too late
8 reasons you need a strategy for managing information...before it's too late8 reasons you need a strategy for managing information...before it's too late
8 reasons you need a strategy for managing information...before it's too late
John Mancini
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
PECB
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
Dr. Muath Asmar
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
rajab ssemwogerere
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 
Internal Audit’s Contribution to the Effectiveness of Information Security Ma...
Internal Audit’s Contribution to the Effectiveness of Information Security Ma...Internal Audit’s Contribution to the Effectiveness of Information Security Ma...
Internal Audit’s Contribution to the Effectiveness of Information Security Ma...
Gokhan Polat
 
In sync10 grc_suite
In sync10 grc_suiteIn sync10 grc_suite
In sync10 grc_suite
InSync Conference
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
IT Governance Ltd
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
Mantala
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
IT Governance Ltd
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
IBMgbsNA
 
An American Legal Perspective
An American Legal PerspectiveAn American Legal Perspective
An American Legal Perspective
Agustin Argelich Casals
 
Chap18
Chap18Chap18
Chap18
Fathur Rohman
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
Dan Michaluk
 
BI: Beyond Intelligence
BI: Beyond IntelligenceBI: Beyond Intelligence
BI: Beyond Intelligence
Waterstons Ltd
 
Industrial IoT Disruption: Trends, Hurdles and Success Factors
Industrial IoT Disruption: Trends, Hurdles and Success Factors Industrial IoT Disruption: Trends, Hurdles and Success Factors
Industrial IoT Disruption: Trends, Hurdles and Success Factors
Grey Heron, Venture Consulting
 

Weitere ähnliche Inhalte

Was ist angesagt?

ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
PECB
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 

Was ist angesagt? (20)

Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
Fintech & Blockchain
Fintech & BlockchainFintech & Blockchain
Fintech & Blockchain
 
IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011
 
Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
 
8 reasons you need a strategy for managing information...before it's too late
8 reasons you need a strategy for managing information...before it's too late8 reasons you need a strategy for managing information...before it's too late
8 reasons you need a strategy for managing information...before it's too late
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
Internal Audit’s Contribution to the Effectiveness of Information Security Ma...
Internal Audit’s Contribution to the Effectiveness of Information Security Ma...Internal Audit’s Contribution to the Effectiveness of Information Security Ma...
Internal Audit’s Contribution to the Effectiveness of Information Security Ma...
 
In sync10 grc_suite
In sync10 grc_suiteIn sync10 grc_suite
In sync10 grc_suite
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
 
FulcrumWay GRC Solutions
FulcrumWay GRC SolutionsFulcrumWay GRC Solutions
FulcrumWay GRC Solutions
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 
An American Legal Perspective
An American Legal PerspectiveAn American Legal Perspective
An American Legal Perspective
 
Chap18
Chap18Chap18
Chap18
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 

Ähnlich wie IS and IT Auditor Roles in Today's New Economy

Application of Big Data in Enterprise Management
Application of Big Data in Enterprise ManagementApplication of Big Data in Enterprise Management
Application of Big Data in Enterprise Management
ijtsrd
 
Industrial internet big data german market study
Industrial internet big data german market studyIndustrial internet big data german market study
Industrial internet big data german market study
Business Finland
 
An Introduction to Data Science.pptx learn
An Introduction to Data Science.pptx learnAn Introduction to Data Science.pptx learn
An Introduction to Data Science.pptx learn
Pavankalayankusetty
 
Mobile Business Intelligence Acceptance Model for Organisational Decision Making
Mobile Business Intelligence Acceptance Model for Organisational Decision MakingMobile Business Intelligence Acceptance Model for Organisational Decision Making
Mobile Business Intelligence Acceptance Model for Organisational Decision Making
journalBEEI
 

Ähnlich wie IS and IT Auditor Roles in Today's New Economy (20)

BI: Beyond Intelligence
BI: Beyond IntelligenceBI: Beyond Intelligence
BI: Beyond Intelligence
 
Industrial IoT Disruption: Trends, Hurdles and Success Factors
Industrial IoT Disruption: Trends, Hurdles and Success Factors Industrial IoT Disruption: Trends, Hurdles and Success Factors
Industrial IoT Disruption: Trends, Hurdles and Success Factors
 
front-2
front-2front-2
front-2
 
Introduction to Big Data
Introduction to Big DataIntroduction to Big Data
Introduction to Big Data
 
IRJET- Scope of Big Data Analytics in Industrial Domain
IRJET- Scope of Big Data Analytics in Industrial DomainIRJET- Scope of Big Data Analytics in Industrial Domain
IRJET- Scope of Big Data Analytics in Industrial Domain
 
Application of Big Data in Enterprise Management
Application of Big Data in Enterprise ManagementApplication of Big Data in Enterprise Management
Application of Big Data in Enterprise Management
 
From IoT to IoTA
From IoT to IoTAFrom IoT to IoTA
From IoT to IoTA
 
Industrial internet big data german market study
Industrial internet big data german market studyIndustrial internet big data german market study
Industrial internet big data german market study
 
Industrial internet big data german market study
Industrial internet big data german market studyIndustrial internet big data german market study
Industrial internet big data german market study
 
[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey[WSO2Con Asia 2018] Get on the Bus for the Journey
[WSO2Con Asia 2018] Get on the Bus for the Journey
 
Thomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old DataThomas Vavra | New Ways of Handling Old Data
Thomas Vavra | New Ways of Handling Old Data
 
An Introduction to Data Science.pptx learn
An Introduction to Data Science.pptx learnAn Introduction to Data Science.pptx learn
An Introduction to Data Science.pptx learn
 
Industrialisation of analytics in India: Big Opportunity, Big Outcome
Industrialisation of analytics in India: Big Opportunity, Big OutcomeIndustrialisation of analytics in India: Big Opportunity, Big Outcome
Industrialisation of analytics in India: Big Opportunity, Big Outcome
 
Comprehending Information Technology Governance
Comprehending Information Technology GovernanceComprehending Information Technology Governance
Comprehending Information Technology Governance
 
Mobile Business Intelligence Acceptance Model for Organisational Decision Making
Mobile Business Intelligence Acceptance Model for Organisational Decision MakingMobile Business Intelligence Acceptance Model for Organisational Decision Making
Mobile Business Intelligence Acceptance Model for Organisational Decision Making
 
BIG DATA CHAPTER 2 IN DSS.pptx
BIG DATA CHAPTER 2 IN DSS.pptxBIG DATA CHAPTER 2 IN DSS.pptx
BIG DATA CHAPTER 2 IN DSS.pptx
 
C suite Involvement is Imperative for Successful IoT and Digital Ttansformation
C suite Involvement is Imperative for Successful IoT and Digital TtansformationC suite Involvement is Imperative for Successful IoT and Digital Ttansformation
C suite Involvement is Imperative for Successful IoT and Digital Ttansformation
 
Introductory of Information Technology
Introductory of Information TechnologyIntroductory of Information Technology
Introductory of Information Technology
 
Analytics trends 2016 the next evolution
Analytics trends 2016 the next evolutionAnalytics trends 2016 the next evolution
Analytics trends 2016 the next evolution
 
Analytics Trends 2016: The next evolution
Analytics Trends 2016: The next evolutionAnalytics Trends 2016: The next evolution
Analytics Trends 2016: The next evolution
 

Mehr von Goutama Bachtiar

Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor Relationships
Goutama Bachtiar
 

Mehr von Goutama Bachtiar (20)

Crypto Currency, Bitcoin and Blockchain
Crypto Currency, Bitcoin and BlockchainCrypto Currency, Bitcoin and Blockchain
Crypto Currency, Bitcoin and Blockchain
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018
 
Blockchain Essentials - Harnessing the Technology for Banking Industry
Blockchain Essentials - Harnessing the Technology for Banking IndustryBlockchain Essentials - Harnessing the Technology for Banking Industry
Blockchain Essentials - Harnessing the Technology for Banking Industry
 
Delving into Fintech
Delving into FintechDelving into Fintech
Delving into Fintech
 
Leveraging Agile Project Management with Scrum
Leveraging Agile Project Management with ScrumLeveraging Agile Project Management with Scrum
Leveraging Agile Project Management with Scrum
 
Library of Information Technology Icons
Library of Information Technology IconsLibrary of Information Technology Icons
Library of Information Technology Icons
 
PMBOK 6th vs 5th Edition
PMBOK 6th vs 5th EditionPMBOK 6th vs 5th Edition
PMBOK 6th vs 5th Edition
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
 
Conducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudConducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and Fraud
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
 
Managing IT Risks in Internet Banking
Managing IT Risks in Internet BankingManaging IT Risks in Internet Banking
Managing IT Risks in Internet Banking
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)
 
Implementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioImplementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft Visio
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor Relationships
 
The Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the OpportunitiesThe Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the Opportunities
 
Crafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to InvestorsCrafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to Investors
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security Nowadays
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment Form
 

Kürzlich hochgeladen

call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort : 9352852248 Make on-demand Arrangements Near yOU
 
(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7
(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7
(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
Falcon Invoice Discounting
 
8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available
8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available
8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available
dollysharma2066
 
Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...
Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...
Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...
priyasharma62062
 
Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
amitlee9823
 
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...
CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...
CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...
priyasharma62062
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
dipikadinghjn ( Why You Choose Us? ) Escorts
 

Kürzlich hochgeladen (20)

call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
 
7 tips trading Deriv Accumulator Options
7 tips trading Deriv Accumulator Options7 tips trading Deriv Accumulator Options
7 tips trading Deriv Accumulator Options
 
Kopar Khairane Russian Call Girls Number-9833754194-Navi Mumbai Fantastic Unl...
Kopar Khairane Russian Call Girls Number-9833754194-Navi Mumbai Fantastic Unl...Kopar Khairane Russian Call Girls Number-9833754194-Navi Mumbai Fantastic Unl...
Kopar Khairane Russian Call Girls Number-9833754194-Navi Mumbai Fantastic Unl...
 
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
 
(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7
(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7
(INDIRA) Call Girl Srinagar Call Now 8617697112 Srinagar Escorts 24x7
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
 
8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available
8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available
8377087607, Door Step Call Girls In Kalkaji (Locanto) 24/7 Available
 
cost-volume-profit analysis.ppt(managerial accounting).pptx
cost-volume-profit analysis.ppt(managerial accounting).pptxcost-volume-profit analysis.ppt(managerial accounting).pptx
cost-volume-profit analysis.ppt(managerial accounting).pptx
 
Q1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdfQ1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdf
 
Technology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechnology industry / Finnish economic outlook
Technology industry / Finnish economic outlook
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
 
Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...
Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...
Airport Road Best Experience Call Girls Number-📞📞9833754194 Santacruz MOst Es...
 
Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...
Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...
Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...
 
Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024
 
Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Banaswadi Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
 
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
 
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
VIP Call Girl Service Andheri West ⚡ 9920725232 What It Takes To Be The Best ...
 
Toronto dominion bank investor presentation.pdf
Toronto dominion bank investor presentation.pdfToronto dominion bank investor presentation.pdf
Toronto dominion bank investor presentation.pdf
 
CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...
CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...
CBD Belapur Expensive Housewife Call Girls Number-📞📞9833754194 No 1 Vipp HIgh...
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
 

IS and IT Auditor Roles in Today's New Economy

  • 1. IS and IT AUDITOR ROLES IN Today’s New Economy
  • 2. April 2017 @goudotmobi 2 Image: DeviantArt
  • 4. What is New Economy? “New industries whereby technology particularly internet and World Wide Web are the driving force behind the economic growth”. Sometimes called “Internet Economy”, “Digital Economy”, or “Web Economy”. April 2017 4@goudotmobi
  • 5. What is New Economy? (cont’d) “Have started in late 1990s, as high tech tools (support roles), such as the internet”. “Then began penetrating consumer and business fields through consumerization and mass adoption due to mobile devices and affordable data plan with the roles as enabler and driver”. April 2017 5@goudotmobi
  • 6. More than Only E-Commerce • E-Business (SAP, Oracle, Dynamics) • E-Commerce: E-Retailer, Banner Ad, E-Marketplace (Blibli, Alibaba, Lazada, Zalora) • E-Travel (Traveloka, Tiket) • Crowdfunding (Kickstarter) • Social Media/Network (Facebook, Twitter, Path, Instagram) • Mass Customization Manufacturers: 3D printing, design-your-own clothing, watches, sneakers. April 2017 @goudotmobi 6
  • 7. More than Only E-Commerce (cont’d) • Car Sharing/Pooling • Transportation-network (Go- JEK, Uber, Grab) • Peer-to-peer lending of money (Zopa, WeLab) • Peer-to-peer property rental (Airbnb) • Online video/music services (Netflix, Spotify, HOOQ) • Online dating services (Match.com, Tinder) • Online advertising (AdWords, AdSense, Facebook Ads) • E-Money, E-Wallet, Virtual and Digital Currency (T-Cash, Flazz, Go-Pay) April 2017 @goudotmobi 7
  • 8. Important Characteristics • Digitalization and intensive use of Information and Communication Technologies (ICT). • Shifted role from Support into Enabler and Driver. • Transformation of information into commodities. • New ways of organizing work and production. April 2017 @goudotmobi 8
  • 9. Digital Economy’s Evolution • Steadily evolved since 2000. • A bit shaky start but has been rapidly embraced globally. • In the case of E-Commerce: • Skepticism Early 2000, Internet’s use for business was not so positively responded; It was elsewhere too. • Global Adoption In 2007, as Western countries struggled with economic crisis, other countries rapidly plugging into the bandwagon. • Mobile, Mobile and Mobile Connectivity In 2013 until now, the next billion people are going online worldwide (5 out of 7+ billion) April 2017 @goudotmobi 9
  • 14. The Fastest Digital Economy April 2017 @goudotmobi 14 Source: Harvard Business Review's Bhaskar Chakravorti
  • 16. Digital Vulnerability - An Inescapable Aspect April 2017 16 Image courtesy of: City Caucus @goudotmobi Source: Harvard Business Review's Bhaskar Chakravorti
  • 17. In the Case of Indonesia Economic and Industry Perspectives: • Economic outlook (>4.5%) ~ citing ADB recent stats • In 2050, the 4th largest economy in the world after China, India and the US ~ citing PwC recent study • Stable inflation and interest rate ~ citing ADB recent stats • 5G technology edges closer • US$5.5B investment in telematics (US$500m for cellular phone’s)~ citing IndonesiaInvestments May 2016 • IT spending of US$22+B ~ citing IDC in early 2017 • 80% of budget goes to corporates and enterprises (majority in Banking & Telco) ~ citing IDC in late 2016 17@goudotmobiApril 2017
  • 18. • 260+ million population • 85+ internet users • 30% saving account owners • 7% credit card subscribers • 55 million Facebookers • 45 million Twitterers • 4 million Kaskusers • 85 million middle class • 5 million middle class growth per year • 3% internet users growth per year • 200 million domestic trips per year Let’s Digging the Numbers Deeper…
  • 23. Reiterating IS and IT Audit • What is? Activities of collecting and evaluating evidence of Information Systems (IS) or Information Technology (IT), practices, and operations within an organization. • Purpose Evaluating system's internal control design and effectiveness. • Objective Safeguarding assets, maintaining data integrity, operating effectively to achieve organization goals and objectives. • Performed In conjunction with financial statement audit, internal audit, or other form of audit. April 2017 @goudotmobi 23
  • 24. IT Audit In Details • Gathering, Assessing, Evaluating, Validating and Examining an organization's IT Infrastructure, policies, procedures including Comparing and Testing them against the executions/implementations/operations. • The objective is to give assurance whether IT Controls protect corporate assets, ensure data integrity and are aligned with the business overall goals. • Formerly known as Electronic Data Processing (EDP) Audit. April 2017 @goudotmobi 24
  • 25. IT Audit In Details (cont’d) In a nutshell, to simplify • IT Audit gives assurance that IT systems are adequately protected, provide reliable information to users and properly managed to achieve their intended benefits. Bringing the Objectives forward • Evaluate the systems and processes are in place to secure the organization’s data. • Determine risks (Risk-Based IT Audit) to a company's information assets, and help identify methods to minimize those risks. • Ensure IT management processes are in compliance with IT-specific laws, policies and standards. • Determine inefficiencies in IT systems and associated management. April 2017 @goudotmobi 25
  • 26. IT vs IT Audit • IS Audit focus on the respective system (especially Business, Accounting and Finance Systems) and particularly within their Application/Software and Data. • IT Audit eyes on IT Infrastructure such as Server, Storage, Network (Router, Switch, Hub), Firewall and other supporting peripherals (UPS, Fire Suppression Systems). April 2017 @goudotmobi 26
  • 27. Various Types of IT and IS Audit April 2017 @goudotmobi 27 Perform Separate IT/IS audits Perform Integrated audits Perform Technical and IT Operational audits Provide technical assistance to financial audits General Control Examination Application Systems Audit System Under Development Audit Special Topic Audits (Compliance, etc)
  • 28. What to Audit? April 2017 @goudotmobi 28 Input Processing Output Web Application Security Network Security Application Controls (2nd) Operating System Database General Computer Controls (1st) Physical Security
  • 29. Auditing General (Computer) Controls April 2017 @goudotmobi 29 IS/IT Strategy IS/IT Policies and Procedures IT/IS Management Practices IT/IS Organizational Structure and Responsibilities Auditing the Management, Planning and Organization of IS/IT
  • 30. How to Become IT/IS Auditor? Step 1: Complete a Bachelor Degree Program, particularly:  Bachelor of Science (B.S.) in IT (Informatics Engineering, Computer Engineering, Computerized Accounting).  BS in Information Systems.  Bachelor of Arts in Economics majoring in Management or Accounting. Step 2: Gain (Relevant) Working Experience. Step 3: Obtain International Individual Certification (optional) In fact, some of those certifications (such as from ISACA) could be obtained prior to professional experience. April 2017 @goudotmobi 30
  • 31. International Individual Certifications • CISA (Certified Information Systems Auditor) from ISACA. • CISM (Certified Information Systems Manager) from ISACA. • CISSP (Certified Information Systems Security Professional) from International Information Systems Security Certification Consortium. • ISO 27001 on Information Systems Management Systems (ISMS) Lead Auditor • GSNA: GIAC Systems and Network Auditor from GIAC. • CFE (Certified Fraud Examiner) from ACFE. April 2017 @goudotmobi 31
  • 32. Common Career Paths April 2017 @goudotmobi 32 Image: PayScale
  • 33. Compensation Aspect: The US Case April 2017 @goudotmobi 33 Image: PayScale
  • 34. Compensation Aspect: Indonesia Case April 2017 @goudotmobi 34 Source: Kelly Services
  • 35. Compensation Aspect: Indonesia Case (cont’d) April 2017 @goudotmobi 35
  • 36. IS and IT Auditor Parts April 2017 36@goudotmobi
  • 37. IS and IT Auditor Parts (cont’d) • Deploying Risk-based IS and IT Audit • Leveraging CAAT & other auditing software • Capitalizing frameworks, regulation and standards: • ISACA’s COBIT, Risk IT and ValIT • ISO 20000 on IT Service Management • ISO 27001 on Information Security • ISO 22301 on Business Continuity Management Systems • PMI’s Project Management Body of Knowledge (PMBOK) • IIA COSO • PCI-DSS • Sarbanes-Oxley (SOX) • HIPAA • Peraturan Bank Indonesia and Surat Edaran OJK April 2017 37@goudotmobi
  • 38. IS and IT Auditor Parts (cont’d) • Always be mindful that auditing involves PUBLIC responsibility that is more important than relationship with CLIENT. • Auditors must express their view on the appropriateness – not just acceptability – of IS and IT principles used or proposed to be used. • Reveal transparency and completeness of opinions, reports and disclosures. April 2017 38@goudotmobi
  • 39. Must-Have Knowledge 1. Management, Planning, and Organization of IS and IT Commencing Best IS and IT management practices 2. Technical Infrastructure and Operational Practices Understanding hardware, software and networking technologies 3. Protection of Information Assets Mastering information security management 4. Disaster Recovery and Business Continuity Valuing how IS and IT availability are critical to business April 2017 @goudotmobi 39
  • 40. Must-Have Knowledge (cont’d) 5. Business Application System Development, Acquisition, Implementation, and Maintenance Valuing core area of IS and IT development 6. Business Process Evaluation and Risk Management Linking business expectations and risks to IS and IT development and deployment 7. IS and IT Audit Process Mastering code of ethics, auditing standards, guidelines, audit methodology, techniques and Control Self-Assessment April 2017 @goudotmobi 40
  • 41. IS/IT Audit Methodology • Manual Assessment  Understanding IT environments and systems  Gathering data and document needed  Assessing and evaluating data and document  Interviewing and discussing with related individuals, functions, divisions and departments  Observing the systems and controls  Validating policies and procedures against the executions  Testing controls against the executions through sampling  Doing on-site visits April 2017 @goudotmobi 41
  • 42. IS/IT Audit Methodology (cont’d) • Systematic assessment  Performing Security Vulnerability Scans/Assessments (WireShark, Nmap)  Conducting Penetration Test (Nessus)  Rolling out other IT Technical Test  Acquiring and Analyzing Data and File (CAAT such as IDEA and ACL)  Documenting IT/IS Audit Activities and Working Papers (Voyager, AutoAudit, TeamMate) April 2017 @goudotmobi 42
  • 43. What the Future Holds • IS and IT Auditors play MORE and MORE STRATEGIC roles • Needed than earlier – IT is now BUSINESS DRIVER and more importantly ENABLER. • Paperless or Less Paper Audit Documentation capitalizing Audit Management System (MKInsight, Paisley GRC, TeamMate, etc). • Utilization level of CAAT (Computer-Assisted Auditing Techniques) such as IDEA and ACL getting higher • Functionality Market leader IDEA analyze, manipulate and interrogate huge quantities of data from business platform or systems • Capability Analyze 2,1 billion rows per an unlimited number of sheets while for example Microsoft Excel 2007’s 1,048,576 rows • Integrity Core data cannot be modified once imported April 2017 @goudotmobi 43
  • 44. What the Future Holds (cont’d) • Adoption of auditing tools such for Vulnerability Assessment and Penetration Testing (Nessus, Nmap). • Still one of fastest-growing professions (20- 30% growth est. for 2018-2030). • Therefore, they shall attain good understanding on Online Business, their cycles and business processes (e-travel, e-commerce, e-money, e- wallet, payment gateway, etc). • New areas to be audited (Social Media, Big Data, Mobile Banking, Smart City). April 2017 @goudotmobi 44
  • 45. Higher Bargaining Positions •IT plays more strategic role: in tech organizations (driver) and non-tech sectors (enabler and support). •Growing number of IT Budget. •Tons of IT Project and Investments. •Business competition is stiffening. •The world is getting riskier (threats, vulnerabilities keep going). •Driven by professional organization (ISACA and IIA) and regulators. April 2017 45@goudotmobi
  • 46. Ever Since IT Plays Strategic Role • Number of internet adoption and penetration are rising day in and day out. • IT literacy level throughout individuals and organizations across the globe is increasing. • Organization accommodate it for cost-saving initiative. • Capitalize to reach out more prospects, users, customers, consumers, suppliers, vendors and partners. • Some companies identify and leverage IT as new revenue streams (cost center to profit center). April 2017 46@goudotmobi
  • 47. Further References Professional Organizations and Associations • Information Systems Audit and Control Association (ISACA) www.isaca.org • The SANS Technology Institute www.sans.org • International Information System Security Certification Consortium (ISC)²: www.isc2.org • The Institute of Internal Auditors www.theiia.org • American Institute of Certified Public Accountants (AICPA) www.aicpa.org April 2017 @goudotmobi 47
  • 48. Further References (cont’d) Information System • Computer-Assisted Auditing Techniques (CAAT): IDEA, ACL • Audit Management Software: Voyager, MKInsight, TeamMate. Framework • Control Objectives of Business and Information Technology (COBIT) 5 from ISACA • Committee of Sponsoring Organizations of the Treadway Commission (COSO) from IIA • (ISC)² Common Body of Knowledge (CBK) from ISC2 Standard • ISO 27001 Information Security Management Systems (ISMS) April 2017 @goudotmobi 48
  • 50. Reaching Out goutama@gmail.com www.linkedin.com/in/goutama (+62-815) 962 8555 www.slideshare.net/goudotmobi 50 April 2017@goudotmobi Image: imgur