{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

複製 -Ch_01


Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
IT Audit Solutions Manual Chapter One Discussion Questions 1-1 . Describe the two objectives of IT Governance. Which do you think is more important? The two objectives of IT governance are to: (1) use IT to promote an organization’s objectives and enable business processes and (2) to manage and control IT-related risks. As with many discussion questions, there is no “right” answer here. Both objectives are important. The answer could vary by industry and organization type as IT-related risks could be greater for some businesses than for others. Similarly, the use of IT for strategic business purposes could mean the difference between business failure and success. 1-2. Describe the various types of transactions that an IS might process in the course of acquiring raw materials for production. Acquiring raw materials for production involves ordering the materials, receiving the materials, and paying the vendor. The information system would record each of these transactions and the data associated with them. For example, data entered in the system would include the supplier name, the terms of payment, shipping data, the name of the person making the purchase, and so on. 1-3 . This chapter described several types of work done by IT auditors. Using the Internet, can you identify any other types of work these auditors might do? Several Internet sites provide information about the work of IT auditors. Professional organization sites such as www.isaca.org and www.iia.org provide insight. The web sites for various auditing firms, such as www.ey.com or www.kpmg.com are also helpful. Auditing firms typically post services or solutions as a menu item at their web site. Selecting assurance services will provide you with information about the various assurance service lines offered by the company. 1-4. IT auditors often have technical skills related to specific software. One such software specialization area is enterprise resource planning (ERP) applications. Explain how an IT auditor could acquire and maintain knowledge about one of these software packages. Knowledge about specialized software, including enterprise systems, is most often obtained through work experience. Auditors working for large professional service firms will “apprentice” on job assignments that involve technologies new to them. A company may send the IT auditor
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
to formal training or provide them with time to take online courses.
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}