Goal of Education: IT is regularly audited both in the government and in the business sector. Such critical infrastructures, as e.g. the financial and the energy sector have especially to be compliant to the laws, government decrees and European Union directives. From the viewpoint of the owners / mother companies an emphasized viewpoint is the quality of strategy support. Every member of the IT staff, even the developers of either data processing applications or those of the embedded systems have to be prepared to participate in audit interviews, exploring, if their results support corporate governance, and such information quality criteria as e.g. the availability, confidentiality and inrtegrity of the resource handling, the business continuity planning, and other aspects of IT security. The goal of subject Information System Audit is to support compliance to the most frequently required audit aspects.
Subjects: Professional audits are usually based on the COBIT (Control Objectives for IT) methodology of ISACA (Information Systems Audit and Control Association, on ISO (International Standards Organization) security standards and NIST (USA National Institute of Standards and Technology) recommendations. Besides these, we take EU (European Union) directives also into consideration, together with other internationally acknowledged materials, too.
The lecture gives, among other important issues, an overview of the professional best practice dealing with risk management, organizational, regulational and technical problems, together with their resolving, the development / acquisition of application systems, the business continuity plans, recommendations on outsourcing. We deal with the methods of auditing these issues, too.