The Concepts of an AuditAudit and Certification in Digital PreservationApril 14 – 16, 2004, AntwerpenJ. Pasmooij RE RA ROManager ICT Knowledge Center, Royal NIVRA, AmsterdamProgram Manager postgraduate IT-auditing curriculum Erasmus University, RotterdamApril 14, 2004 / 1Erasmus Universiteit RotterdamErasmus UniversiteitRotterdam. Postdoctorale opleidingen.Agenda• The objectives of an audit• The elements of an audit• Examples of auditsApril 14, 2004 / 2Erasmus Universiteit RotterdamErasmus UniversiteitRotterdam. Postdoctorale opleidingen.The objective of an auditThe objective of an audit is for the responsible party a way to proof compliance with legal and/or contractual terms, or suitable criteria.April 14, 2004 / 3Erasmus Universiteit RotterdamErasmus UniversiteitRotterdam. Postdoctorale opleidingen.The objective of an auditThe objective of an audit is for an (intended) user to learn more about the quality of the subject matter or compliance with legaland/or contractual terms or suitable criteria.April 14, 2004 / 4Erasmus Universiteit RotterdamErasmus UniversiteitRotterdam. Postdoctorale opleidingen.The objective of an auditThe objective of an audit is for a professional auditor to evaluate or measure a subject matter that is the responsibility of an other party against identified suitable criteria, and to express a conclusion(opinion) with a ...
Audit and Certification in Digital Preservation April 14 16, 2004, Antwerpen
J. Pasmooij RE RA RO Manager ICT Knowledge Center, Royal NIVRA, Amsterdam Program Manager postgraduate IT-auditing curriculum Erasmus University, Rotterdam
April 14, 2004 / 1
ErasmusUniversiteitRotterdam
Agenda
The objectives of an audit
The elements of an audit
Examples
April 14, 2004 / 2
of
audits
ErasmusUniversitietRotterdam
The objective of an audit
The objective of an audit is for the responsible party a way to proof compliance with legal and/or contractual terms , or suitable criteria .
April 14, 2004 / 3
ErasmusUniversitietRotterdam
The objective of an audit
The objective of an audit is for an (intended) user to learn more about the quality of the subject matter or compliance with legal and/or contractual terms or suitable criteria.
April 14, 2004 / 4
ErasumsUniversitietRotterdam
The objective of an audit
The objective of an audit is for a professional auditor to evaluate or measure a subject matter that is the responsibility of an other party against identified suitable criteria , and to express a conclusion (opinion) with a level of assurance about the subject matter for the intended user .
April 14, 2004 / 5
ErasmusUniversiteitRotterdam
The elements of an audit
Kind of audit / assurance engagements
A three party relationship
The subject matter
The scope of the audit
Suitable criteria
The audit process
The report
April 14, 2004 / 6
ErasmusUniversitietRotterdam
Kind of audit engagements
Attest (audit relates to a report or written assertion by the responsible party) Direct reporting (audit relates directly to the subject matter) A broad range of subject matters To provide high or moderate levels of assurance To report internally and/or externally Within the private or public sector
April 14, 2004 / 7
ErasumsUniversitietRotterdam
The auditor
The auditor has to observe: Integrity Objectivity Independency Professional competence and due care Confidentiality Professional behavior Application of technical standards The auditor should be: A member of a respected institute or organization with: quality control policies and procedures disciplinary rules a code of ethics auditing standards
April 14, 2004 / 8
ErasmusUniversiteitRotterdam
The subject matter
May be: A report / a management assertion (data / information)
A system (infrastructure / software) A process (organization / people / procedures A strategy / policy
Behavior
April 14, 2004 / 9
ErasmusUniversiteitRotterdam
The scope of the audit
Design (point in time) Design and operating (covering a period of time)
Focussing on specific criteria (for example): Compliance with Integrity Exclusivity / Confidentiality Continuity / Availability Auditability / Controllability Effectiveness Efficiency
April 14, 2004 / 10
ErasmusUniversiteitRotterdam
Suitable criteria
Criteria are the standards / requirements used to evaluate or measure the subject matter Suitable criteria are context-sensitive The characteristics are suitable when they are Relevant Reliable Neutral objective Understandable Complete Generally accepted Unequivocal