Question

Discuss the IT auditing processes related to achieving maturity level 3 in a department. Can a continuous audit, similar to a formal IT audit, accomplish the self-assessment goals of ISO 9004:2000? In 300 words or less...

Answer 1

IT auditing process:     An IT audit is the examination and evaluation of an department's information technology, infrastructure, policy and operations. It determines whether IT control protect corporate assets, ensure data integrity and aligned with the goals of the business. It encompasses review and evaluation of automated information processing system related to non-automated processes and the interfaces among them.

IT auditing processes related to achieving maturity level 3 in a department:     The process of maturity brings better operations, peformance and results. It focuses on the importance of having structured process which allows to align us to do the business in our way. Maturity level 3 is considered to be a defined level. It is well understood, defined and formalized process for the organization. This means that organization's engineering processes are defined for areas such as Decision Analysis, Resolution, Integrated Project Management, Organizational Process Definition, process focus, training, product integration, requirement development, risk management, Technical solution, Validation and Verification.

Continuous audit: A continuous audit is an internal process audit that examine accounting practices, risk control, compliance, information technology systems and business procedures ongoing basis. This helps in the effective control of an organization.

IT audit:   An IT audit or information technology audit is an examination of the management control within an IT infrastructure. They are  safeguarding assets, maintaining data integrity and operating effectively the goals and objectives of an organization   

Self assessment goals of ISO 9004:2000: The ISO 9004 aims to provide instructions for the organiation's improved performance. The main purpose of ISO 9004 includes an effective and efficient way of identifying and fulfilling the needs of the customers. It also aims at achieving, maintaining and enhancing the overall level of performance of an organization. The 2000 version model of ISO intends to improve customer satisfaction and the effectiveness of the management system. ISO 9004 intends to improve the organization's quality performance. ISO 9004:2000 reflects the basis for the performance improvement in the most effective way of management practices related to the following: 1. Customer focus 2. Leadership 3. Involvement of people 4. Process & System approach to management 5. Continual improvement 6. Factual approach to Decision making 7. Mutually beneficial supplier relationship

Continuous auditing uses technological tools to gather information and analize the data quickly so that the auditor can perform audit activities in a quicker way. It ensures processes, policies and internal control of an organization Hence continous audit, similar to a formal IT audit, can be used to accomplish the self-assessment goals of ISO 9004:2000