Prevalent use of information technologies in both private and public sector has brought not only opportunities but also various challenges in terms of security, confidentiality, reliability and integrity of information. By the same token, it has led to a fundamental change in the internal control environment and nature of audit evidence. Hence, it has become compulsory to design new audit procedures in order for successful implementation of audits. This study broadly defines information technology audit and provides a comprehensive explanation of the experiences of the Turkish Court of Accounts and recommendations for supreme audit institutions (SAI)
Bilişim Teknolojileri Denetimi ve Türk Sayıştayı Uygulaması
Öz
Bilişim teknolojilerinin kamu ve özel sektörde yoğun kullanımı, fırsatlarla birlikte bilginin güvenliği, gizliliği, güvenilirliği ve bütünlüğü hususlarında birtakım güçlükleri de beraberinde getirmiştir. Aynı şekilde, iç kontrol ortamı ve denetim kanıtının doğasında ciddi değişikliklere yol açmıştır. Bu nedenle, denetimlerin başarılı bir şekilde yürütülebilmesi için yeni denetim prosedürlerinin oluşturulması zorunlu hale gelmiştir. Bu çalışma, genel hatlarıyla bilişim teknolojileri denetimini açıklamakta ve Türk Sayıştayının deneyimleri hakkında ayrıntılı bir izahat ve yüksek denetim örgütleri (YDK) için öneriler ortaya koymaktadır.
Ahmet Topkaya, (2011) “Management of Information Technologies and Audit Principles”, Journal of External Audit: July, August, September 2011, No. 5, pp. 23-36.
Dan Schroeder and Tommie Singleton, (2010) “Implementing the IT-Related Aspects of Risk-Based Auditing Standards” , The CPA Journal: July 2010, pp. 66-71.
Davut Ozkul, (2002) IS Audit, Unpublished Master Thesis, Ankara.
European Court of Auditors –ECA, (2011) “Guideline for Audit of IT Environment”, Luxembourg: ECA.
General Accountability Office – GAO, (2009) “Federal Information System Controls Audit Manual”, USA: GAO, http://www.gao.gov/new.items/d09232g.pdf, (Accessed at 10.05.2014).
Gürkan Akbaş, (2011) “Important of Basic IT Audit within a Financial Audit”, Journal of External Audit: July, August, September 2011, No. 5, pp. 9-16.
Information Technology and Innovation Foundation - ITIF, (2008), “Why Is the Digital Information Revolution So Powerful?” http://www.itif.org/files/DQOL-1.pdf (Accessed at 01.12.2013).
International Organization of Supreme Audit Institutions - INTOSAI, (1996) “IT Controls Student Notes”, Vienna:INTOSAI. International Organization of Supreme Audit Institutions – INTOSAI, (2002) “Information Technology Audit General Principles”, Vienna: INTOSAI http://intosaiitaudit.org/India_GeneralPrinciples.pdf (Accessed at 01.12.2013).
International Organization of Supreme Audit Institutions – INTOSAI, (2007) “Introduction to IT Audit”, Vienna INTOSAI. ISACA, (2007) COBIT 4.1, USA:ISACA.
ISACA, (2010) CISA Review Manual 2010, USA:ISACA.
ISACA, (2012) “ISACA Glossary of Terms”, USA:ISACA.
ISACA, (2013) “A Professional Practices Framework for IS Audit/Assurance”, USA: ISACA.
Jagdish Pathak, (2005) Information Technology Auditing, Germany: Springer.
Musa Kayrak, (2012a) “Information Technology Audit in the Context of Information Criteria”, Journal of Turkish Court of Accounts: October-December 2011, No. 87, pp. 143-167.
Musa Kayrak, (2012b) “IT Audit Training Notes to the Assistant Auditors of the TCA”, Ankara: TCA.
National Audit Office – NAO, (2002) “Auditing in an IT Environment”, UK: NAO.
alphanumeric journal has been publishing as "International Peer-Reviewed
Journal" every six months since 2013. alphanumeric serves as a vehicle for researchers and
practitioners in the field of quantitative methods, and is enabling a process of sharing in all
fields related to the operations research, statistics, econometrics and management informations
systems in order to enhance the quality on a globe scale.