On 10/19/09, Joshua Amolo <
joshua.amolo@gmail.com> wrote:
> If you check my mail again Chuks, i talked about SCOPE
>
> On Mon, Oct 19, 2009 at 4:00 PM, Gichuki John Chuksjonia <
>
chuksjonia@gmail.com> wrote:
>
>> @Joshua, yah mistaken. What does an IT Audit compose of. Because a
>> Code Audit is part of IT Audit, tell us, how can an Finance guy look
>> for loop holes and bugs in a php code if he doesn't even know how to
>> write one?
>>
>>
>>
>>
>> On 10/19/09, Joshua Amolo <
joshua.amolo@gmail.com> wrote:
>> > I dont think there is naything wrong with a Finance guy auditing IT.
>> >
>> > The issue should be what's the purpose of the audit. The purpose will
>> give a
>> > clear scope and the necessary competence to undertake the the audit.
>> >
>> > For example if you were to audit the financial sense of having a unit
>> within
>> > IT, you dont need another IT guy to do this audit. If an auditor wants
>> > to
>> > check conformity to certain standards of your network for example, there
>> are
>> > very powerful tools a Finance guy can use.
>> >
>> > Cynthia I agree with you sometimes you can endure very unnecessary
>> questions
>> > from an incompetent auditor I remember a case where an auditor was
>> checking
>> > the competence of a hardware technician and he asked him 'Does the
>> computer
>> > has a motherboard?', the technician was so pissed he plainly just said
>> 'no
>> > this one uses a fatherboard'
>> >
>> >
>> > On Mon, Oct 19, 2009 at 3:04 PM, Joseph McDonald
>> > <
mcdonaldoj@gmail.com>wrote:
>> >
>> >> The confusion started,because there are few companies that normally do
>> >> independent IT audits.In most cases the IT audit is done as an
>> >> extension
>> >> of
>> >> the Financial audits hence you will find many accountants rushed to do
>> >> CISA.
>> >>
>> >> Secondly in any organisation the three P's are important
>> (People,Products
>> >> and Profits) systems and IT for that matter,in most cases are enablers
>> to
>> >> help the people,to move the products faster to the market and to
>> increase
>> >> efficiency hence profits.
>> >>
>> >> There are some IT audits which finance people with can perform
>> well.While
>> >> there are some areas which definately require some IT expertise for you
>> do
>> >> benefit fully from the said audit.
>> >>
>> >> Because a good audit should give the auditee and the organisation ways
>> for
>> >> corrective and preventive actions, and continual improvement.
>> >>
>> >>
>> >> On Mon, Oct 19, 2009 at 9:25 AM, Eric Mugo <
kabugum@gmail.com> wrote:
>> >>
>> >>> A Finance person auditing an IT infrastructure is like a Security
>> >>> Assessor
>> >>> auditing the end year results of a company. I find it very ironical
>> >>> and
>> >>> old
>> >>> school thinking from those days when I.T used to Fall under Finance
>> >>> department/Division. Back then, the systems were simple and geared
>> >>> towards
>> >>> very specific tasks. That is no longer the case nowadays.
>> >>>
>> >>> A company's systems infrastructure has become very comples, look at a
>> >>> situation where a company has several DMZ,s each hosting different
>> >>> systems,
>> >>> several Server Farms, Webhosting Facilities, a super big ERP....and
>> then
>> >>> you
>> >>> bring an accountant to do a security audit of the systems or rather
>> >>> perform
>> >>> an entire audit meaning management, financial and security
>> >>> audit....forgive
>> >>> me but i find it plain stupid!
>> >>>
>> >>> The positive thing is that most companies are now realising the
>> >>> importance
>> >>> of a information security role within their ranks. Once someone in
>> charge
>> >>> of
>> >>> security is in place then chances of being audited on Security by a
>> CPA-K
>> >>> are reduced because the I.T guy will spot their incomptencies from a
>> mile
>> >>> away...
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On Mon, Oct 19, 2009 at 8:33 AM, Edmund Okumu
>> >>> <
edmund.okumu@gmail.com>wrote:
>> >>>
>> >>>> Most Audit firms do exactly that. It is not right at all to have a
>> >>>> finance guy audit IT. Let me state categorically that even if a
>> finance
>> >>>> person has taken the CISA exams and passed, they still don't qualify
>> to
>> >>>> audit IT as IT audit requires an IT Audit professional with some
>> >>>> level
>> >>>> of
>> >>>> deep understanding in the particular field of audit. Preferably the
>> >>>> IT
>> >>>> auditor should come from a technical background e.g. Systems
>> >>>> Development,
>> >>>> Systems and Network Administration or Database Administration.
>> >>>>
>> >>>> Such people employed by audit firms usually right nasty audit reports
>> >>>> based on findings that do not satisfy the expectations of the forms
>> >>>> downloaded from the Internet. The audit reports therefore do not give
>> a
>> >>>> true
>> >>>> reflection of the particular IT department of interest.
>> >>>>
>> >>>> Can someone from ISACA the kenyan chapter respond to this issue and
>> tell
>> >>>> us the way forward. We need some level of regulation on this.
>> >>>>
>> >>>>
>> >>>> On Sun, Oct 18, 2009 at 6:07 PM, Cynthia Wahome
>> >>>> <
cwahome@jambo.co.ke>wrote:
>> >>>>
>> >>>>> Dear All
>> >>>>> Let me get your thoughts on this.
>> >>>>>
>> >>>>> Is it right for a Finance guy to come and do an audit to an IT
>> >>>>> department
>> >>>>> yet the Finance guy has no clue about IT.
>> >>>>> I wont name the audit firm here but i wonder,when they go to the net
>> >>>>> and
>> >>>>> download a form then they come and ask you silly questions makes me
>> >>>>> question them
>> >>>>>
>> >>>>> People my question is this
>> >>>>> Who should do an IT audit? Finance People? or IT People
>> >>>>> I stand to be corrected
>> >>>>>
>> >>>>>
>> >>>>> ----------------------------------------------
>> >>>>> This message has been scanned for viruses and
>> >>>>> dangerous content by Jambo MailScanner, and is
>> >>>>> believed to be clean.
>> >>>>> ---------------------------------------------
>> >>>>> "easy access to the world"
>> >>>>>
>> >>>>> _______________________________________________
>> >>>>> Skunkworks mailing list
>> >>>>>
Skunkworks@lists.my.co.ke>> >>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >>>>> ------------
>> >>>>> Skunkworks Rules
>> >>>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >>>>> ------------
>> >>>>> Other services @
http://my.co.ke>> >>>>> Other lists
>> >>>>> -------------
>> >>>>> Announce:
>> >>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >>>>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science>> >>>>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >>>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Edmund C. O. Okumu
>> >>>> P.O Box 8490-00200,
>> >>>> Nairobi, Kenya.
>> >>>> TEL: 254-721-734935
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> Skunkworks mailing list
>> >>>>
Skunkworks@lists.my.co.ke>> >>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >>>> ------------
>> >>>> Skunkworks Rules
>> >>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >>>> ------------
>> >>>> Other services @
http://my.co.ke>> >>>> Other lists
>> >>>> -------------
>> >>>> Announce:
>> >>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >>>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science>> >>>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >>>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Skunkworks mailing list
>> >>>
Skunkworks@lists.my.co.ke
>> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks>> >>> ------------
>> >>> Skunkworks Rules
>> >>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94>> >>> ------------
>> >>> Other services @
http://my.co.ke
>> >>> Other lists
>> >>> -------------
>> >>> Announce:
>> >>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science>> >>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >>>
>> >>
>> >>
>> >> _______________________________________________
>> >> Skunkworks mailing list
>> >>
Skunkworks@lists.my.co.ke
>> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks>> >> ------------
>> >> Skunkworks Rules
>> >>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94>> >> ------------
>> >> Other services @
http://my.co.ke
>> >> Other lists
>> >> -------------
>> >> Announce:
>> >>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science>> >> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >>
>> >
>> >
>> >
>> > --
>> > ----------------------------------------------------------------
>> > Joshua Amolo
>> > Cell: +254 720 263308/+255 783 060052
>> >
>> >
>> > Managing IT people is like herding cats
>> >
>>
>>
>> --
>> --
>> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> I.T Security Analyst and Penetration Tester
>>
infosigmer@inbox.com>>
>> {FORUM}
http://lists.my.co.ke/pipermail/security/
>>
http://nspkenya.blogspot.com/>>
http://chuksjonia.blogspot.com/>> _______________________________________________
>> Skunkworks mailing list
>>
Skunkworks@lists.my.co.ke>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>> Skunkworks Rules
>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94>> ------------
>> Other services @
http://my.co.ke>> Other lists
>> -------------
>> Announce:
>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>
>
>
>
> --
> ----------------------------------------------------------------
> Joshua Amolo
> Cell: +254 720 263308/+255 783 060052
>
>
> Managing IT people is like herding cats
>