Page 189 - DCOM509_ADVANCED

Page 189 - DCOM509_ADVANCED_AUDITING

P. 189

Advanced Auditing

Notes
The Government of Dubai has a strong commitment in the use of technology as a business
enabler in achieving its strategic positioning as a business hub of the region. The direct
benefits of this have been realized through greater interactions among the government
departments and the ease of doing business in Dubai. The Government has reinforced its
commitment to good corporate and IT governance to provide services, secure information,
protect privacy and nurture best practices to meet the growing challenges of adapting to
economic advancement and social changes.

Information Systems Audits
To provide assurance on IT governance and encourage the adoption of leading practices
for IT governance within government entities, an information system/technology audit
function has been commissioned since 2000. The following mission statement was adopted
for the Information System Audit section of the FAD.

Mission
To assess whether the governance, control and risk management of information systems:

1. Safeguard assets
2. Maintain integrity, confidentiality and availability
3. Achieve organizational goals effectively

4. Consume resources efficiently
5. Comply with the leading practices and applicable regulations

6. Align with the vision of the Government of Dubai
Benefits of using COBIT as a framework
Team members of the information systems audit section of FAD are mostly members and
certified professionals of ISACA, either they hold the Certified Information Systems Auditor
(CISA) or Certified Information Security Manager (CISM) or Certified in the Governance
of Enterprise IT (CGEIT) designation. The team assumes the responsibility as internal
champions for adopting ISACA/ITGI resources as required.

The Control Objectives for Information and related Technology (COBIT), IT governance
framework, developed by ISACA’s affiliate, the IT Governance Institute (ITGI), had already
been adopted as the resource serving as the overall framework for information systems
audit methodology since 2000.

The information systems audit section of FAD recognized the need to be proactive. Hence,
from merely using COBIT resources for assurance, the team decided to promote the best
practices of COBIT resources among its audit community. COBIT provides control
objectives, control practice statements and other resources supporting assurance processes
as a global reference framework and benchmark.
As a significant step, the section has pioneered and implemented an IT Governance maturity
model assessment as an integral part of all major IS Audits, since 2001. This is based on the
COBIT maturity model and was a unique audit methodology in the government sector
within UAE/GCC countries.

Contd....

184 LOVELY PROFESSIONAL UNIVERSITY

184 185 186 187 188 189 190 191 192 193 194