Chapter 14
Evaluation and Audit of e-Business
Learning Objectives
To understand
- the purpose and need of auditing Information Technology and e-business
- the principles and basics of auditing e-business
- various methods and parameters used for auditing e-business
- security and infrastructure audit of e-business
- performing IT audit and action items for the same
E-Business
Introduction
- What is Audit? Examination and analysis of the records or processes for the purpose of verification
- Why is it needed? For the purpose of verifying consistency and determining whether the system and processes are performing the desired task
- Types of Audit? Financial, Security etc.
Oxford University Press 2012. All rights reserved.
Why Audit in e-business?
- E-business involves a number of business transactions over the Web
- Financial transactions through payment gateways
- Effective security processes and infrastructure need to be in place in order to ensure all activities run smoothly
07-02-2013
The supplementary documents facilitating auditing include different diagrams and documents, such as:
- Network diagrams
- System diagrams
- Staff relationship diagram
- Responsibility diagrams
- Point of exposure analysis
- Infrastructure list and positions
- Material and information flow diagrams
Auditing guidelines
Comprised of the recommended course of action needed to perform a quality audit.
Should satisfy the following basic criteria:
- Evaluating and prioritizing action items based on the significance of every part of the audit
- Accuracy and reliability of audit findings
- Impartial and non-prejudiced judgement that is not based on outdated or irrelevant data
- Scope and timeliness of the audit
- Clarity, efficiency, and effectiveness of the audit
E-Auditing Parameters
Audit Programs
The audit program is based on the organization's own reference guide. The program consists of steps to deduce the efficiency. The points to be considered while forming an audit program:
- The standards used and general guidelines followed by an organization
Audit Reporting
Audit reports help organizations identify the gaps and develop guidelines for bridging the gaps observed during audit. An e-business audit report should cover:
- IT functionality report
- IT process auditing report
- Responsibilities and management response
- A document addressing users about the need for correction in processes
Security Audit
Security audit includes audit for
- physical security
- data transmission security, and
- data storage security

along with security aspects of system administration and application development. It covers the following aspects:
1. Security of computers, servers, and network devices
2. Availability of hardware
3. Physical measures for information and data security
4. Backup policies
5. Handling of sensitive information
6. Transmission and encryption of important data
7. Server handling and configuration handling
8. Anomaly detections and identifying violations
9. Disaster recovery and business contingency plans
10. System privilege and access control
11. Information and source code handling
12. Testing strategies
13. Security policies to handle viruses, intrusions, and information corruption
Infrastructure Audit
The purpose is to identify whether the required infrastructure is in place and being used properly and efficiently.
Essential for security as well as efficiency reasons.
Includes listing of the available infrastructure such as
- Hardware assets
- Operating systems along with patches and versions
- Software installed on various machines
- Network analysis (connectivity and requirements)
- Servers etc.