How to audit and investigate the construction of enterprise information systems

Information system audit is the process of obtaining and evaluating evidence in order to judge whether a computer system safeguards assets, preserves the integrity of data, uses organizational resources efficiently and supports the effective achievement of organizational goals. Because information technology is now applied throughout operations and management, information system audit runs through every kind of audit and has become part of the overall audit process.

Contents of information system audit

The content of a bank information system audit mainly focuses on the following aspects:

Audit of information system management, planning and organization: evaluate the strategies, policies, standards, procedures and related practices used in managing, planning and organizing the information system.

Audit of information system technical infrastructure and operational practices: assess how effectively and efficiently the organization manages and implements its technical infrastructure and operational practices, to ensure that they fully support the organization's business objectives.

Audit of information asset protection: assess the security of the logical environment, the physical environment and the information technology infrastructure, to ensure that they support the organization's need to protect information assets and prevent those assets from being used, disclosed, modified, damaged or lost without authorization.

Audit of disaster recovery and business continuity plans: these plans allow the organization to continue its business in the event of a disaster, so the process by which they are established and maintained needs to be evaluated.

Audit of application system development, acquisition, implementation and maintenance: evaluate the methods and processes the organization uses to develop, acquire, implement and maintain its business application systems, to ensure that they meet the organization's business objectives.

Audit of IT-related business processes: evaluate the organization's business systems and processes to ensure that the corresponding risks are managed in line with the organization's business objectives.

Audit of human resource management related to information security: evaluate the policies, procedures and practices of human resource management that bear on security, and the corporate culture of "everyone is responsible for information security".

Information system audit can be divided into two categories. The first is internal audit, carried out by the organization itself. The main purpose of internal audit is to check the compliance of all departments of the organization with the security system and to ensure that internal auditors can freely meet the people they audit. Their work is independent, and that independence enables internal auditors to make fair and impartial judgements. The executive director of information system audit reports functionally to the audit committee, the board of directors or another governance body, and administratively to the organization's CEO.

The second is external audit, carried out by an accounting firm or a professional technical service institution. External audit is usually prompted by a listing, a merger, a year-end inspection or other legal and regulatory requirements, and is generally more formal and in-depth. The party engaged to perform the information system audit should be independent of the client, so that the audit remains objective and impartial.