exercise to ensure that the basic controls required for the business exist in the re-engineered processes.
3. The IT security policy
An IS auditor, due to extensive engagement with an organization, is able to say which parts of the policy are complied with and can also offer suggestions on improving compliance or making suitable changes to the policy. The IS auditor also comes across systems or situations that may not be adequately addressed in the policy and offers guidance on these areas. A proactive IS audit function can make all the difference between an effective IT security policy and control perspective, an organization without an IT security policy would be considered relatively more secure than an organization with a dormant, non-implementable IT security policy.
4. Security awareness
An effective IS auditor helps increase levels of security awareness and compliance with security measures among IT users. This also provides motivation to the security officers and system administrators to do their jobs effectively. Consequently, business continuity preparedness also remains at a high level.
5. Better Return of Investment (ROI)
IS auditors today are concerned not just with security and controls, but also with IT governance, which includes performance measurement, value for IT investments, and alignment of IT and business. The profession of IS audit is gradually being aligned to the profession of IT Governance. Therefore, an IS auditor for an organization helps in effective and efficient use of IT for fulfilling business objectives. Thus, management concerns, like ROI, are taken care of by the IS auditor while prescribing IT contracts.