The confusion started because there are few companies that normally do independent IT audits. In most cases the IT audit is done as an extension of the financial audits, hence you will find many accountants rushed to do CISA.

Secondly, in any organisation the three P's are important (People, Products and Profits). Systems and IT, for that matter, are in most cases enablers to help the people, to move the products faster to the market and to increase efficiency, hence profits.

There are some IT audits which finance people can perform well, while there are some areas which definitely require some IT expertise for you to benefit fully from the said audit.

This is because a good audit should give the auditee and the organisation ways for corrective and preventive actions, and continual improvement.

On Mon, Oct 19, 2009 at 9:25 AM, Eric Mugo <kabugum@gmail.com> wrote:
A Finance person auditing an IT infrastructure is like a Security Assessor auditing the end-year results of a company. I find it very ironical and old-school thinking from those days when I.T. used to fall under the Finance department/division. Back then, the systems were simple and geared towards very specific tasks. That is no longer the case nowadays.

A company's systems infrastructure has become very complex. Look at a situation where a company has several DMZs, each hosting different systems, several server farms, web hosting facilities, a super big ERP... and then you bring an accountant to do a security audit of the systems, or rather perform an entire audit, meaning management, financial and security audit... forgive me but I find it plain stupid!

The positive thing is that most companies are now realising the importance of an information security role within their ranks. Once someone in charge of security is in place, then the chances of being audited on security by a CPA-K are reduced because the I.T. guy will spot their incompetencies from a mile away...



 

On Mon, Oct 19, 2009 at 8:33 AM, Edmund Okumu <edmund.okumu@gmail.com> wrote:
Most Audit firms do exactly that. It is not right at all to have a finance guy audit IT. Let me state categorically that even if a finance person has taken the CISA exams and passed, they still don't qualify to audit IT as IT audit requires an IT Audit professional with some level of deep understanding in the particular field of audit. Preferably the IT auditor should come from a technical background e.g. Systems Development, Systems and Network Administration or Database Administration.

Such people employed by audit firms usually write nasty audit reports based on findings that do not satisfy the expectations of the forms downloaded from the Internet. The audit reports therefore do not give a true reflection of the particular IT department of interest.

Can someone from ISACA, the Kenyan chapter, respond to this issue and tell us the way forward? We need some level of regulation on this.


On Sun, Oct 18, 2009 at 6:07 PM, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
Dear All,
Let me get your thoughts on this.

Is it right for a Finance guy to come and do an audit of an IT department
yet the Finance guy has no clue about IT?
I won't name the audit firm here, but I wonder; when they go to the net and
download a form, then they come and ask you silly questions, it makes me
question them.

People, my question is this:
Who should do an IT audit? Finance people or IT people?
I stand to be corrected.



_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general



--
Edmund C. O. Okumu
P.O Box 8490-00200,
Nairobi, Kenya.
TEL: 254-721-734935
       
