On 10/19/09, Joshua Amolo <
joshua.amolo@gmail.com> wrote:
> I dont think there is naything wrong with a Finance guy auditing IT.
>
> The issue should be what's the purpose of the audit. The purpose will give a
> clear scope and the necessary competence to undertake the the audit.
>
> For example if you were to audit the financial sense of having a unit within
> IT, you dont need another IT guy to do this audit. If an auditor wants to
> check conformity to certain standards of your network for example, there are
> very powerful tools a Finance guy can use.
>
> Cynthia I agree with you sometimes you can endure very unnecessary questions
> from an incompetent auditor I remember a case where an auditor was checking
> the competence of a hardware technician and he asked him 'Does the computer
> has a motherboard?', the technician was so pissed he plainly just said 'no
> this one uses a fatherboard'
>
>
> On Mon, Oct 19, 2009 at 3:04 PM, Joseph McDonald
> <
mcdonaldoj@gmail.com>wrote:
>
>> The confusion started,because there are few companies that normally do
>> independent IT audits.In most cases the IT audit is done as an extension
>> of
>> the Financial audits hence you will find many accountants rushed to do
>> CISA.
>>
>> Secondly in any organisation the three P's are important (People,Products
>> and Profits) systems and IT for that matter,in most cases are enablers to
>> help the people,to move the products faster to the market and to increase
>> efficiency hence profits.
>>
>> There are some IT audits which finance people with can perform well.While
>> there are some areas which definately require some IT expertise for you do
>> benefit fully from the said audit.
>>
>> Because a good audit should give the auditee and the organisation ways for
>> corrective and preventive actions, and continual improvement.
>>
>>
>> On Mon, Oct 19, 2009 at 9:25 AM, Eric Mugo <
kabugum@gmail.com> wrote:
>>
>>> A Finance person auditing an IT infrastructure is like a Security
>>> Assessor
>>> auditing the end year results of a company. I find it very ironical and
>>> old
>>> school thinking from those days when I.T used to Fall under Finance
>>> department/Division. Back then, the systems were simple and geared
>>> towards
>>> very specific tasks. That is no longer the case nowadays.
>>>
>>> A company's systems infrastructure has become very comples, look at a
>>> situation where a company has several DMZ,s each hosting different
>>> systems,
>>> several Server Farms, Webhosting Facilities, a super big ERP....and then
>>> you
>>> bring an accountant to do a security audit of the systems or rather
>>> perform
>>> an entire audit meaning management, financial and security
>>> audit....forgive
>>> me but i find it plain stupid!
>>>
>>> The positive thing is that most companies are now realising the
>>> importance
>>> of a information security role within their ranks. Once someone in charge
>>> of
>>> security is in place then chances of being audited on Security by a CPA-K
>>> are reduced because the I.T guy will spot their incomptencies from a mile
>>> away...
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Oct 19, 2009 at 8:33 AM, Edmund Okumu
>>> <
edmund.okumu@gmail.com>wrote:
>>>
>>>> Most Audit firms do exactly that. It is not right at all to have a
>>>> finance guy audit IT. Let me state categorically that even if a finance
>>>> person has taken the CISA exams and passed, they still don't qualify to
>>>> audit IT as IT audit requires an IT Audit professional with some level
>>>> of
>>>> deep understanding in the particular field of audit. Preferably the IT
>>>> auditor should come from a technical background e.g. Systems
>>>> Development,
>>>> Systems and Network Administration or Database Administration.
>>>>
>>>> Such people employed by audit firms usually right nasty audit reports
>>>> based on findings that do not satisfy the expectations of the forms
>>>> downloaded from the Internet. The audit reports therefore do not give a
>>>> true
>>>> reflection of the particular IT department of interest.
>>>>
>>>> Can someone from ISACA the kenyan chapter respond to this issue and tell
>>>> us the way forward. We need some level of regulation on this.
>>>>
>>>>
>>>> On Sun, Oct 18, 2009 at 6:07 PM, Cynthia Wahome
>>>> <
cwahome@jambo.co.ke>wrote:
>>>>
>>>>> Dear All
>>>>> Let me get your thoughts on this.
>>>>>
>>>>> Is it right for a Finance guy to come and do an audit to an IT
>>>>> department
>>>>> yet the Finance guy has no clue about IT.
>>>>> I wont name the audit firm here but i wonder,when they go to the net
>>>>> and
>>>>> download a form then they come and ask you silly questions makes me
>>>>> question them
>>>>>
>>>>> People my question is this
>>>>> Who should do an IT audit? Finance People? or IT People
>>>>> I stand to be corrected
>>>>>
>>>>>
>>>>> ----------------------------------------------
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by Jambo MailScanner, and is
>>>>> believed to be clean.
>>>>> ---------------------------------------------
>>>>> "easy access to the world"
>>>>>
>>>>> _______________________________________________
>>>>> Skunkworks mailing list
>>>>>
Skunkworks@lists.my.co.ke
>>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>>>> ------------
>>>>> Skunkworks Rules
>>>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>>>> ------------
>>>>> Other services @
http://my.co.ke
>>>>> Other lists
>>>>> -------------
>>>>> Announce:
>>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>>>>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>>>>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Edmund C. O. Okumu
>>>> P.O Box 8490-00200,
>>>> Nairobi, Kenya.
>>>> TEL: 254-721-734935
>>>>
>>>>
>>>> _______________________________________________
>>>> Skunkworks mailing list
>>>>
Skunkworks@lists.my.co.ke
>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>>> ------------
>>>> Skunkworks Rules
>>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>>> ------------
>>>> Other services @
http://my.co.ke
>>>> Other lists
>>>> -------------
>>>> Announce:
>>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>>>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>>>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>>>
>>>
>>>
>>> _______________________________________________
>>> Skunkworks mailing list
>>>
Skunkworks@lists.my.co.ke
>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>> ------------
>>> Skunkworks Rules
>>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>> ------------
>>> Other services @
http://my.co.ke
>>> Other lists
>>> -------------
>>> Announce:
>>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>>
>>
>>
>> _______________________________________________
>> Skunkworks mailing list
>>
Skunkworks@lists.my.co.ke
>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>> Skunkworks Rules
>>
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @
http://my.co.ke
>> Other lists
>> -------------
>> Announce:
>>
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> Science:
http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> kazi:
http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>
>
>
>
> --
> ----------------------------------------------------------------
> Joshua Amolo
> Cell: +254 720 263308/+255 783 060052
>
>
> Managing IT people is like herding cats
>