Page 203 - Courses
P. 203

IT Essentials — Computer Operations

              Verifying metrics and goals are established to help IT perform on a tactical basis and also to
               guide the efforts of personnel to improve maturity of practices.

            Effective IT governance regarding all aspects of computer operations will enable the IT function to
            execute its strategy and achieve the objectives established with the approval of organizational
            leaders.

            Audit Planning

            The key objective of an IT (computer) operations audit is to provide management with assurance
            about design and operating effectiveness of the organization’s internal controls, processes, policies
            and procedures.

            In alignment with IIA Standard 2050: Coordination and Reliance, proper coverage of computer
            operations risk will require collaboration with the first- and second-line roles to ensure the internal
            audit activity identifies the information that is most important to the organization.

            In accordance with IIA Standard 1210.A3: Proficiency, internal auditors must have sufficient
            knowledge of key information technology risks and controls and available technology-based audit
            techniques to perform their assigned work. However, not all internal auditors are expected to have
            the expertise of an internal auditor whose primary responsibility is information technology auditing.

            Assessing Controls

             According to IIA Standard 2130: Control, the internal audit activity must assist the organization in
            maintaining effective controls by evaluating their effectiveness and efficiency and by promoting
            continuous improvement.

            Additionally, Standard 2130. A1 states that the internal audit activity must evaluate the adequacy
            and effectiveness of controls in responding to risks within the organization’s governance,
            operations, and information systems regarding the:

                 Achievement of the organization’s strategic objectives.
                 Reliability and integrity of financial and operational information.
                 Effectiveness and efficiency of operations and programs.
                 Safeguarding of assets.
                 Compliance with laws, regulations, policies, procedures, and contracts.

            Analysis and Evaluation

            According to IIA Standard 2320: Analysis and Evaluation, internal auditors must base conclusions
            and engagement results on appropriate analyses and evaluations. Before starting this engagement,
            the internal auditor may request:

             Computer operations service catalogs.
             Inventory of tools used for service management.
            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   198   199   200   201   202   203   204   205   206   207   208