Case Study: Conducting an Information Systems Audit
IN THIS CHAPTER, WE learn about the steps involved in conducting an information systems audit. We have selected a bank as a case study essentially because banks represent one of the most critical and sensitive applications of information systems assets. In addition, the multiple guidelines issued by the central banks of different countries on this matter provide a rich collection of best practices from which we have drawn. The chapter provides a step-by-step guide to conducting an information systems audit at the various levels of a bank, including its branches.
The lessons presented in this chapter are not restricted to applications in bank information systems alone. The methodology is applicable to all information systems, although the specific object of examination is likely to vary. At the end of this chapter we will be ready to conduct an information systems audit of any entities, including those with multilocation systems.
IMPORTANT SECURITY ISSUES IN BANKS
Important security issues involved in an information systems audit of a bank, as well as other organizations, include the following:
User Access Management
The auditor needs to verify the following two points:
The information ...