What Does an Information System Auditor Do?
Auditors are individuals who have been systematically trained and qualified, and evaluated and audited by authoritative certification bodies, and have the quality and ability to engage in audit work.
Auditor
- Auditors should have personal qualities to enable them to work in accordance with the audit principles described in Chapter 4.
- The auditor should:
- a) ethical, that is, fair, reliable, loyal, honest and cautious;
- b) open-minded, that is, willingness to consider different opinions or opinions;
- c) good at communication, that is, flexible interaction with people;
- d) good at observation, that is, proactive understanding of the surrounding environment and activities;
- e) Perceived, that is, the instinct to understand and understand the environment;
- f) strong adaptability, that is, easy to adapt to different situations;
- g) perseverance, that is, persistence in achieving goals;
- h) Be assertive, that is, draw timely conclusions based on logical reasoning and analysis;
- i) Self-reliance, that is, to work independently and play a role in effective interaction with others [1]
- Auditors should have knowledge and skills in the following areas:
- a) Audit principles, procedures and techniques: enable auditors to properly apply them to different audits and ensure audits
- Nuclear implementation is consistent and systematic. The auditor should be able to:
- ---- use audit principles, procedures and techniques;
- ---- Effectively plan and organize work;
- ---- as agreed
- The evaluation process includes four main steps.
- Step 1-Identify personal qualities, knowledge and skills to meet the needs of the audit plan
- In determining appropriate knowledge and skills, the following should be considered:
- ---- the size, nature and complexity of the audited organization
- ---- Aim and content of the audit plan
- ---- Certification requirements
- ---- The role of the audit process in the management of the audited organization
- The level of credibility required in the audit plan;
- ---- The complexity of the audited management system
- Step 2-Set up evaluation criteria
- Criteria can be quantitative (such as years of work experience and education, number of audits, hours of audit training), or qualitative (such as personal qualities, knowledge, or skills demonstrated during training or work).
- Step 3-choose the appropriate evaluation method
- Evaluation can be performed by one or more methods selected by one person or group. It should be noted:
- ---- The listed methods as the scope of selection may not be applicable in all cases;
- ---- The reliability of the different methods listed may be different;
- ---- In general, a comprehensive approach should be used to ensure that the results are objective, consistent, fair and credible.
- Step 4-Implement the evaluation
- In this step, the person information collected is compared with the criteria established in step 2. When people are not
- When the criteria are met, training, work experience, and / or auditing experience is required and re-evaluated.