+1 Kivuva,

There are some Business/Commerce Graduates/Accountants with CISA qualifications who can do some pretty good IS-Audits.  But more often than not, these are those with an extra IT background e.g Diplomas in IT or what used to be the pre-univ IT course IMIS or IDPM during the late 90s/early 2000s.

Strictly speaking, IS- Audits are quite complex EVEN for IT/CS graduates with CISA qualifications.

Bottom line is for each IS Auditor to acknowledge their weak areas and rope in the necessary competencies to complement their gaps.  Something that requires honesty or humility.  Most practicing IS auditors may not want to concede on this point (nor share the money) and subsequently go  ahead and sign off IS-Audits report that are not value adding to the client.

I call this a 'Checklist-Audit' rather than an IS-Audit.  Perhaps that is what CBK has been getting and accepting from the banks who know that CBK may not bother to dig deeper into these IS Audit reports.

walu.


From: Mwendwa Kivuva via kictanet <kictanet@lists.kictanet.or.ke>
To: jwalu@yahoo.com
Cc: Mwendwa Kivuva <Kivuva@transworldafrica.com>; KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
Sent: Wednesday, April 27, 2016 6:38 PM
Subject: Re: [kictanet] CBK lacks tech savvy team to survey local lenders

Dr Waudo, you are correct in that assertion, but just partially. Remember the IFMIS system "hacking" that happened a year ago? A very highly placed person made allegations that systems were compromised, etc.
Some years back, the Minister of Finance claimed of a "software bug" that inserted a typing error into his budget figures. There was also such reports from KNEC on "software bugs".
If you are an ICT expert, you would always be able to read in between the line. And that is where ICT AUDITORS need to curve their niche. Not just cross over auditors, but ICT pros.
Regards
On Apr 27, 2016 6:40 PM, "waudo siganga" <emailsignet@mailcan.com> wrote:
Hi Kivuva,
 
My understanding, although of course open to correction, is that IT Systems Auditors are essentially certified auditors with specialist training and skills to audit "through" and "around" IT systems. I would envisage someone with an auditing qualification backed up with a supplementary qualification is systems auditing but at the end of the day this person is an AUDITOR. In addition the training for today's certified auditors already includes systems audit as a subject. So the key skill is auditing, supplemented by systems knowledge. If this is the case then these professionals are already covered under statutory provisions.
 
Waudo 
 
On Wed, Apr 27, 2016, at 04:25 PM, Mwendwa Kivuva via kictanet wrote:
 
On 27 April 2016 at 16:12, Paul Roy <roykoikai@gmail.com> wrote:
Last - As long as I am a the helm of ISACA Kenya, I would like to open up our doors to the various experts within the industry who are willing to retrain IT auditors, IT Security professionals to consider ISACA as an ally. Let us work together, talk to me, come for one of the evening talks and let us grow and strengthen the profession. 

Hi Paul,
 
Thanks for the elaborate reply. 
 
My main concern is if it's legislated that people with valid IT Systems Audit certifications are the only ones doing IT audits for public interest organisations. The way only Lawyers can only do certain duties, or CPAs. Is this something feasible?
 
Regards
 
______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh

 
_______________________________________________
kictanet mailing list
 
 
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
 
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.