1. Differentiate between internal and external auditors in terms of their roles
and responsibilities.
Internal control auditing is a discipline in its own right, with many
similarities to external IT auditing but differing in the technical expertise,
operational knowledge, and level of detail required to conduct effective
internal IT audits. Internal auditors frequently work as employees of the
organizations they audit, which gives them an understanding of
organization-specific IT environments, controls, information systems, and
operational characteristics that is difficult, if not impossible, to replicate in
outsourced internal auditors or external auditors. Internal auditors in a
well-structured internal IT audit program also understand mission and business
processes, as well as organizational goals and objectives, which provide a
clear context for an organization's IT resources and associated controls.
External IT audits, on the other hand, are performed by auditors and entities
outside of the organization subject to the audits. External audits can be
performed by a single auditor or a team, depending on the size of the
organization and the scope and complexity of the IT audit. In general, an
organization's relationship with its external auditors is established and
managed at the entity level; that is, companies hire outside corporations or
professional organizations to undertake the types of IT audits that are needed
or required.
2. In your own words, define IT audit.
For me, an audit is simply an official examination of one's financial records.
An information technology audit is thus an official examination of an
organization's IT infrastructure, policies, and operations. It also includes an
evaluation to make suggestions for improvements.
3. Why do organizations undertake IT auditing?
IT auditors are in a unique position to assess the significance of a specific
system to the enterprise as a whole. As a result, the IT auditor is frequently
involved in senior management decision making. The role of an IT auditor can
be examined through the process of IT governance and the existing standards
of professional practice for this profession. As previously stated, IT governance
is an organizational involvement in the management and review of the use of
information technology in achieving the organization's goals and objectives.
AUDIT AND CONTROLS
Learning Enhancement (Module 1) Mr. Ken Balogo
4. Describe in your own words what IT auditors do.
In the financial world, an IT auditor will focus on evaluating the
effectiveness and competence of the company's IT systems and internal controls
against policies and regulations. This may necessitate that the IT auditor
conduct research, interpret, and evaluate compliance expectations in relation
to contractual requirements or government regulations. When external auditors
are required, IT auditors collaborate with them. They also assist in guiding the
company's operations in terms of accounting irregularities, compliance flaws,
and internal controls. After completing an audit, an IT auditor will spend time
preparing results for presentation to stakeholders such as shareholders,
management, or regulatory agencies. After that, the IT auditor will give
process improvement recommendations as well as mandatory remedial
measures. They support the company's efforts in business ethics, risk
management, organizational structure, business processes, and governance
supervision by conducting ad hoc internal reviews and operational audits of IT
on a regular basis.
5. One of the roles of the IT auditor is to act as a Counselor to organizations.
As a Counselor, IT auditors can assist organizations in developing policies,
procedures, standards, and/or best practices, such as an information security
policy. Using the characteristics of a good information security policy,
develop five information security policies you would share with your client.
These are the five information security policies that might help my clients
and that I would share with them:
1. Create a security circle/team that you can rely on to manage the security
and policy department.
2. Specify acceptable use rules for users, and define access rights and
privileges to protect assets from losses, disclosures, or damages.
3. Establish guidelines for external communications (networks).
4. Set privacy rules, defined as "reasonable expectations", for issues such
as monitoring people's activities.
5. Acknowledge that information owners, custodians, and clients must
report irregularities and safeguard the use and dissemination of information.