ABSTRACT
This research tends to
examine information technology and systems audit with reference to First
Bank Nigeria Plc.
The research employ survey
design and a simple random sampling technique was adopted for selection of
respondents the questionnaires were administered to. A sample of twenty (20)
was drawn from the entire population.
Data gathered from the
respondents were presentated on tables in percentage. Two hypotheses were
formulated and tested with use of Chi-square analysis. The results of the test
shows that Information Technology and Systems Audit has a
positive influence on the Banking sector in Nigeria and Systems Audit has a
positive impact on the computer systems security and information security
within an organisation.
Recommendations were proffered to banks to implore
the use of information technology.
TABLE OF CONTENT
CHAPTER 1 INTRODUCTION
1.1 Background Information
1.2 Statement
of the problem
1.3 Aims of the study
1.4 Objectives of the study
1.5 Research Methodology
1.6 Research Questions
1.7 Research Hypotheses
1.8 Significance of the Study
1.9 Limitations/Scope of the Study
1.10 Research Outline
CHAPETR 2 REVIEW
OF LITERATURE
2.1 Introduction
2.2 An overview of Information Technology
Audit
2.3 Types of Information System
2.4 Information Systems Audit Process
2.5 Information technology and Systems Audit
2.6 Objectives of Information Systems Audit
2.7 Information System Audit Methodology
2.8 Summary of Related Literature
CHAPTER 3 RESEARCH
METHODOLOGY
3.1 Research Design
3.2 Research Population
3.3 Tools for collecting data
3.4 Data Analysis and Procedures
CHAPTER 4 DATA
PRESENTATION AND ANALYSIS
4.1 Introduction
4.2 Demographic Data of respondents
4.3 Analysis of Research Questions
4.4 Analysis of Research Hypotheses
CHAPTER 5 SUMMARY
OF FINDINGS, CONCLUSION AND RECOMMENDATION
5.1 Summary of Findings
5.2 Conclusion
5.3 Recommendations
BIBLIOGRAPHY
CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND
INFORMATION
Information according to Information
Systems Audit and Control Association (ISACA) was defined as data endowed with
meaning and purpose. Today, information plays an increasingly important role in
all aspects of our lives. Information has become an indispensable component for
conducting business for virtually all organizations. In a growing number of
companies, information is the business. Some might not think of software as
information, but it is simply information for computers on how to operate or
process something. In addition, a significant amount of data is created and
distributed by end users without involving the IT organisation.
Traditional
organisations have undergone radical transformations in the information age as
well. The graphic arts and printing industry, for example, deals almost
entirely with information in digital form. Artwork and masters are no longer
physical drawings on pieces of film but blocks of information stored on hard
disks. Finally, many other organisations continue to strive for a paperless
environment as well.
It
would be difficult to find a business that has not been touched by information
technology and is not dependent on the information it processes. Information
systems have become pervasive in global society and business, and the
dependence on these systems and the information they handle is arguably absolute.
The trend of escalating value of and dependence on information has increased
exponentially.
Information Technology
Auditing (IT auditing) began as Electronic Data Process (EDP).
Auditing are developed largely as a result of the rise in technology in accounting systems, the
need for IT control, and the impact of computers
on the ability to perform attestation services. The last few years have been an
exciting time in the world of IT auditing as a result of the accounting
scandals and increased regulation. IT auditing has had a relatively short yet
rich history when compared to auditing as a whole and remains an ever changing
field.
The introduction of computer technology into accounting systems
changed the way data
was stored, retrieved and controlled. It is believed that the first use of a
computerized accounting system was at General Electric
in 1954. During the period of 1954 to the mid-1960s, the auditing profession
was still auditing
around the computer. At this time only mainframe computers were used and few people
had the skills and abilities to program computers. This began to change in
the mid-1960s with the introduction of new, smaller and less expensive
machines. This increased the use of computers in businesses and with it came
the need for auditors
to become familiar with EDP concepts in business.
Along with the increase in computer use, came the rise of different types of
accounting systems. The industry soon realized that they needed to develop
their own software
and the first of the generalized audit software (GAS) was developed. In 1968,
the American Institute
of Certified Public Accountants (AICPA)
had the Big Eight (now the Big Four)
accounting firms participate in the development of EDP auditing. The result of
this was the release of Auditing & EDP. The book included how to
document EDP audits and examples of how to process internal control reviews.
Around this time EDP auditors
formed the Electronic Data Processing Auditors Association (EDPAA). The goal of
the association was to produce guidelines, procedures and standards for EDP
audits. In 1977, the first edition of Control Objectives was published.
This publication is now known as Control Objectives for Information
and related Technology (CobiT). CobiT is the set of
generally accepted IT control objectives for IT auditors. In 1994, EDPAA
changed its name to Information Systems Audit and Control Association (ISACA).
The period from the late 1960s through today has seen rapid changes in
technology from the microcomputer
and networking
to the internet
and with these changes came some major events that change IT auditing forever.
The
relentless advance of IT and the unparalleled ability to access, manipulate and
use information has brought enormous benefits and opportunities to the global
economy (ISACA). It has also brought unparalleled new risks, ethical dilemmas,
and a confounding pathwork of existing and pending laws and regulations, as
well as social changes and related issues such as telecommuting and increased
mobility.
Executive
management is increasingly confronted by the need to stay competitive in the
global economy and heed the promise of greater gains from the deployment of
more information resources. But even as organisations reap those gains, the
twin spectres of increasing dependence on information and the systems that
support it and advancing risks from a host of threats are forcing management to
face difficult decisions about how to effectively address information security.
In addition, scores of new and existing laws and regulations are increasingly
demanding compliance and higher levels of accountability.
Information security related to privacy of
information, and information security itself, addresses the universe of risks,
benefits and processes involved with information, and must be driven by
executive management and supported by the board of directors.
Information
security governance according to IT Governance Institute (2003) is the
responsibility of the board of directors and executive management, and must be
an integral and transparent part of enterprise governance. Information security
governance consists of the leadership, organisational structures and processes
that safeguard information. As in the case of controls, nothing has changed
with respect to the basic premise of information as an asset. What has changed
is the platform and repositories used for collecting, processing and storing
information. This explains why the board and executive management continue to
be responsible and accountable for the organisation’s most valuable asset,
which is information.
1.2 STATEMENT OF THE PROBLEM
The
following lists of the statement of the problem are not exclusive but give an
insight into the number and magnitude of these problems:
- There is the problem of knowledge gap in the dynamics of
Information Systems Audit i.e. people have failed to update themselves on
the current issues as it relates with Information Systems Audit.
- There is also the problem of non-chalant attitude on the part of
some of the Information System Auditors who have refused to do in-depth
work in the course of their job.
1.3 AIMS OF THE STUDY
The
aim of this project is to:
(a)
To understand the concept of
Information Technology and Systems audit in the financial sector of Nigeria and
how it plays a very important role especially in the banking sector
(b)
To show the relevance of
information technology and systems audit in First Bank.
1.4 OBJECTIVES OF THE STUDY
The
objectives of the study are:
1.
To ascertain that Security
provisions protect computer equipment, programs, communication and data from
unauthorized access, modifications or destruction.
2.
To ascertain program development
and acquisition are performed in accordance with management’s general and
specific authorization.
- To determine an overview of Information Technology Audit.
- To ascertain the types of
Information Technology Audit.
- To examine Information
Systems Audit process.
- To establish the
relationship Information Technology and Systems Audit.
1.5
RESEARCH METHODOLOGY
Questionnaire was designed and
administered to collect data which was analysed to solve some research
questions and hypothesis. Methods or analysis are based on simple percentage
and chi-square analysis.
1.6
RESEARCH QUESTIONS
Answers to the following
questions will serve as solutions to the statement of the problems.
a.
Does the organisation carry out
her systems audit using the current control objectives?
b.
Does the organisation depend on
their system for effectiveness?
c.
The information system personnel
employed in the company are highly skilled and have good educational
background.
d.
Are all passwords changed
regularly especially the system administrator’s?
e.
Does the organisation have
adequate third party technology support?
f.
Does the company encourage
continuing technology education?
g.
Does the organisation have
backup systems to save vital information?
h.
Does the company carry out
hardware review evaluation on a periodic basis?
i.
Does the organisation carry out
software review evaluation?
j.
Does the company assess the risk
of server going down and upgrading it?
1.7 RESEARCH HYPOTHESES
H0 Information Technology and Systems Audit has a
positive influence on the Banking sector in Nigeria.
H1 Information Technology and Systems Audit does
not have a positive influence on the Banking sector in Nigeria.
H0 Systems Audit has a positive impact on the
computer systems security and information security within an organisation.
H1 Systems Audit does not have any impact on
computer systems security and information security within an organisation.
1.8
SIGNIFICANCE OF THE STUDY
1.
The impact of information
technology in business in terms of information and as a business enabler. It
has increased the ability to capture, store, analyze, and process tremendous
amounts of data and information, which has increased the empowerment of the business
decision maker.
2
Professional associations
and organizations, and government entities recognized the need for IT control
and audit ability.
3
Corporate and
information processing management recognized that computers were key resources
for competing in the business environment and similar to other valuable
business resource within the organization, and therefore, the need for control
and audit ability is critical.
4
The need by Auditor to use computers to
perform attested function.
5
To ensure integrity of information system and reporting of
organisation finances to
avoid and hopefully prevent future
financial fiasco
1.9 LIMITATIONS/SCOPE
OF THE STUDY
The
scope of this study was limited to First Bank of Nigeria Plc a financial
institution. It focused on the relevance of information technology in
information system audit.
The
limitations encountered in the study are as follows:
- The problem of classified information
which has affected the research of the study.
- Some respondents did not return the
questionnaires given to them.
- The data involved in the study is too
voluminous for a test of accuracy.
- Some workers in First Bank were not
co-operative and so they could not provide useful information.
1.10
RESEARCH OUTLINE
The study is broken down into 5
chapters and each chapter address the purpose of this paper work:
Chapter 1 Introduction
This should create a picture or
overview of what the reader should expect in the study
Chapter 2 Review of Relevant Literature
This would show an in depth
explanation into the scope of the study.
Chapter 3 Systems Designs/Design Methodology
This chapter will deal with the
methods and procedures used in the research work. It will also describe the
design of the study, area of the study, the population, the sample and sampling
techniques. The method and instrument of data collection will be examined.
Chapter 4 Analysis of Results
It is concerned with the
presentation, analysis and interpretation collected from the research. The analysis
is based on findings extracted from the questionnaires that would be
distributed.
Chapter 5 Summary, Conclusion and Recommendation
This chapter will summarize,
conclude and make recommendations for this write up.
Login To Comment