Re: [kictanet] CBK lacks tech savvy team to survey local lenders
Dr Waudo, you are correct in that assertion, but just partially. Remember the IFMIS system "hacking" that happened a year ago? A very highly placed person made allegations that systems were compromised, etc. Some years back, the Minister of Finance claimed of a "software bug" that inserted a typing error into his budget figures. There was also such reports from KNEC on "software bugs". If you are an ICT expert, you would always be able to read in between the line. And that is where ICT AUDITORS need to curve their niche. Not just cross over auditors, but ICT pros. Regards On Apr 27, 2016 6:40 PM, "waudo siganga" <emailsignet@mailcan.com> wrote: Hi Kivuva, My understanding, although of course open to correction, is that IT Systems Auditors are essentially certified auditors with specialist training and skills to audit "through" and "around" IT systems. I would envisage someone with an auditing qualification backed up with a supplementary qualification is systems auditing but at the end of the day this person is an AUDITOR. In addition the training for today's certified auditors already includes systems audit as a subject. So the key skill is auditing, supplemented by systems knowledge. If this is the case then these professionals are already covered under statutory provisions. Waudo On Wed, Apr 27, 2016, at 04:25 PM, Mwendwa Kivuva via kictanet wrote: On 27 April 2016 at 16:12, Paul Roy <roykoikai@gmail.com> wrote: Last - As long as I am a the helm of ISACA Kenya, I would like to open up our doors to the various experts within the industry who are willing to retrain IT auditors, IT Security professionals to consider ISACA as an ally. Let us work together, talk to me, come for one of the evening talks and let us grow and strengthen the profession. Hi Paul, Thanks for the elaborate reply. My main concern is if it's legislated that people with valid IT Systems Audit certifications are the only ones doing IT audits for public interest organisations. The way only Lawyers can only do certain duties, or CPAs. Is this something feasible? Regards ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh *_______________________________________________* kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
+1 Kivuva, There are some Business/Commerce Graduates/Accountants with CISA qualifications who can do some pretty good IS-Audits. But more often than not, these are those with an extra IT background e.g Diplomas in IT or what used to be the pre-univ IT course IMIS or IDPM during the late 90s/early 2000s. Strictly speaking, IS- Audits are quite complex EVEN for IT/CS graduates with CISA qualifications. Bottom line is for each IS Auditor to acknowledge their weak areas and rope in the necessary competencies to complement their gaps. Something that requires honesty or humility. Most practicing IS auditors may not want to concede on this point (nor share the money) and subsequently go ahead and sign off IS-Audits report that are not value adding to the client. I call this a 'Checklist-Audit' rather than an IS-Audit. Perhaps that is what CBK has been getting and accepting from the banks who know that CBK may not bother to dig deeper into these IS Audit reports. walu. From: Mwendwa Kivuva via kictanet <kictanet@lists.kictanet.or.ke> To: jwalu@yahoo.com Cc: Mwendwa Kivuva <Kivuva@transworldafrica.com>; KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Wednesday, April 27, 2016 6:38 PM Subject: Re: [kictanet] CBK lacks tech savvy team to survey local lenders Dr Waudo, you are correct in that assertion, but just partially. Remember the IFMIS system "hacking" that happened a year ago? A very highly placed person made allegations that systems were compromised, etc. Some years back, the Minister of Finance claimed of a "software bug" that inserted a typing error into his budget figures. There was also such reports from KNEC on "software bugs".If you are an ICT expert, you would always be able to read in between the line. And that is where ICT AUDITORS need to curve their niche. Not just cross over auditors, but ICT pros.Regards On Apr 27, 2016 6:40 PM, "waudo siganga" <emailsignet@mailcan.com> wrote: Hi Kivuva, My understanding, although of course open to correction, is that IT Systems Auditors are essentially certified auditors with specialist training and skills to audit "through" and "around" IT systems. I would envisage someone with an auditing qualification backed up with a supplementary qualification is systems auditing but at the end of the day this person is an AUDITOR. In addition the training for today's certified auditors already includes systems audit as a subject. So the key skill is auditing, supplemented by systems knowledge. If this is the case then these professionals are already covered under statutory provisions. Waudo On Wed, Apr 27, 2016, at 04:25 PM, Mwendwa Kivuva via kictanet wrote: On 27 April 2016 at 16:12, Paul Roy <roykoikai@gmail.com> wrote: Last - As long as I am a the helm of ISACA Kenya, I would like to open up our doors to the various experts within the industry who are willing to retrain IT auditors, IT Security professionals to consider ISACA as an ally. Let us work together, talk to me, come for one of the evening talks and let us grow and strengthen the profession. Hi Paul, Thanks for the elaborate reply. My main concern is if it's legislated that people with valid IT Systems Audit certifications are the only ones doing IT audits for public interest organisations. The way only Lawyers can only do certain duties, or CPAs. Is this something feasible? Regards ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh _______________________________________________kictanet mailing listkictanet@lists.kictanet.or.kehttps://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Guys I see a theme coming up for a breakfast discussion..this is a seriously important topical issue right now. Ali Hussein Principal Hussein & Associates +254 0713 601113 / 0770906375 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi Sent from my iPad
On 27 Apr 2016, at 7:19 PM, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
+1 Kivuva,
There are some Business/Commerce Graduates/Accountants with CISA qualifications who can do some pretty good IS-Audits. But more often than not, these are those with an extra IT background e.g Diplomas in IT or what used to be the pre-univ IT course IMIS or IDPM during the late 90s/early 2000s.
Strictly speaking, IS- Audits are quite complex EVEN for IT/CS graduates with CISA qualifications.
Bottom line is for each IS Auditor to acknowledge their weak areas and rope in the necessary competencies to complement their gaps. Something that requires honesty or humility. Most practicing IS auditors may not want to concede on this point (nor share the money) and subsequently go ahead and sign off IS-Audits report that are not value adding to the client.
I call this a 'Checklist-Audit' rather than an IS-Audit. Perhaps that is what CBK has been getting and accepting from the banks who know that CBK may not bother to dig deeper into these IS Audit reports.
walu.
From: Mwendwa Kivuva via kictanet <kictanet@lists.kictanet.or.ke> To: jwalu@yahoo.com Cc: Mwendwa Kivuva <Kivuva@transworldafrica.com>; KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Wednesday, April 27, 2016 6:38 PM Subject: Re: [kictanet] CBK lacks tech savvy team to survey local lenders
Dr Waudo, you are correct in that assertion, but just partially. Remember the IFMIS system "hacking" that happened a year ago? A very highly placed person made allegations that systems were compromised, etc. Some years back, the Minister of Finance claimed of a "software bug" that inserted a typing error into his budget figures. There was also such reports from KNEC on "software bugs". If you are an ICT expert, you would always be able to read in between the line. And that is where ICT AUDITORS need to curve their niche. Not just cross over auditors, but ICT pros. Regards On Apr 27, 2016 6:40 PM, "waudo siganga" <emailsignet@mailcan.com> wrote: Hi Kivuva,
My understanding, although of course open to correction, is that IT Systems Auditors are essentially certified auditors with specialist training and skills to audit "through" and "around" IT systems. I would envisage someone with an auditing qualification backed up with a supplementary qualification is systems auditing but at the end of the day this person is an AUDITOR. In addition the training for today's certified auditors already includes systems audit as a subject. So the key skill is auditing, supplemented by systems knowledge. If this is the case then these professionals are already covered under statutory provisions.
Waudo
On Wed, Apr 27, 2016, at 04:25 PM, Mwendwa Kivuva via kictanet wrote:
On 27 April 2016 at 16:12, Paul Roy <roykoikai@gmail.com> wrote: Last - As long as I am a the helm of ISACA Kenya, I would like to open up our doors to the various experts within the industry who are willing to retrain IT auditors, IT Security professionals to consider ISACA as an ally. Let us work together, talk to me, come for one of the evening talks and let us grow and strengthen the profession.
Hi Paul,
Thanks for the elaborate reply.
My main concern is if it's legislated that people with valid IT Systems Audit certifications are the only ones doing IT audits for public interest organisations. The way only Lawyers can only do certain duties, or CPAs. Is this something feasible?
Regards
______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan....
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Ali, that is true. On 27 April 2016 at 22:33, Ali Hussein via kictanet < kictanet@lists.kictanet.or.ke> wrote:
I see a theme coming up for a breakfast discussion..this is a seriously important topical issue right now.
The theme has been on the radar for some time: Check: Communications Authority moves to nab cyber criminals CA invited requests for tenders “to carry out mobile survey on e-commerce and cyber prevention, detection and reporting in Kenya: http://www.nation.co.ke/business/Communications-Authority-moves-to-nab-cyber... Treasury orders IFMIS audit to to improve efficiency, stem corruption": http://www.businessdailyafrica.com/Treasury-orders-IFMIS-audit-to-improve-ef... Regards ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh
participants (3)
-
Ali Hussein -
Mwendwa Kivuva -
Walubengo J