INFORMATION TECHNOLOGY AND SYSTEMS AUDIT (A CASE STUDY OF FIRST BANK OF NIG PLC)
This research tends to examine information technology and systems audit with reference to First Bank Nigeria Plc.
The research employ survey design and a simple random sampling technique was adopted for selection of respondents the questionnaires were administered to. A sample of twenty (20) was drawn from the entire population.
Data gathered from the respondents were presentated on tables in percentage. Two hypotheses were formulated and tested with use of Chi-square analysis. The results of the test shows that Information Technology and Systems Audit has a positive influence on the Banking sector in Nigeria and Systems Audit has a positive impact on the computer systems security and information security within an organisation.
Recommendations were proffered to banks to implore the use of information technology.
TABLE OF CONTENTS
Title page - - - - - - - - - - i
Approval - - - - - - - - - - ii
Dedication - - - - - - - - - - iii
Acknowledgement - - - - - - - - - iv
Abstract - - - - - - - - - - v
CHAPTER 1: INTRODUCTION
1.1 Background Information
1.2 Statement of the problem
1.3 Aims of the study
1.4 Objectives of the study
1.5 Research Methodology
1.6 Research Questions
1.7 Research Hypotheses
1.8 Significance of the Study
1.9 Limitations/Scope of the Study
1.10 Research Outline
CHAPTER 2: REVIEW OF LITERATURE
2.2 An overview of Information Technology Audit
2.3 Types of Information System
2.4 Information Systems Audit Process
2.5 Information technology and Systems Audit
2.6 Objectives of Information Systems Audit
2.7 Information System Audit Methodology
2.8 Summary of Related Literature
CHAPTER 3: RESEARCH METHODOLOGY
3.1 Research Design
3.2 Research Population
3.3 Tools for collecting data
3.4 Data Analysis and Procedures
CHAPTER 4: DATA PRESENTATION AND ANALYSIS
4.2 Demographies of respondents
4.3 Analysis of Research Questions
4.4 Analysis of Research Hypotheses
CHAPTER 5: SUMMARY OF FINDINGS, CONCLUSION AND RECOMMENDATION
5.1 Summary of Findings
1.1 BACKGROUND INFORMATION:
Information according to Information Systems Audit and Control Association (ISACA) was defined as data endowed with meaning and purpose. Today, information plays an increasingly important role in all aspects of our lives. Information has become an indispensable component for conducting business for virtually all organizations. In a growing number of companies, information is the business. Some might not think of software as information, but it is simply information for computers on how to operate or process something. In addition, a significant amount of data is created and distributed by end users without involving the IT organisation.
Traditional organisations have undergone radical transformations in the information age as well. The graphic arts and printing industry, for example, deals almost entirely with information in digital form. Artwork and masters are no longer physical drawings on pieces of film but blocks of information stored on hard disks. Finally, many other organisations continue to strive for a paperless environment as well.
It would be difficult to find a business that has not been touched by information technology and is not dependent on the information it processes. Information systems have become pervasive in global society and business, and the dependence on these systems and the information they handle is arguably absolute. The trend of escalating value of and dependence on information has increased exponentially.
Information Technology Auditing (IT auditing) began as Electronic Data Process (EDP). Auditing are developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computers on the ability to perform attestation services. The last few years have been an exciting time in the world of IT auditing as a result of the accounting scandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever changing field.
The introduction of computer technology into accounting systems changed the way data was stored, retrieved and controlled. It is believed that the first use of a computerized accounting system was at General Electric in 1954. During the period of 1954 to the mid-1960s, the auditing profession was still auditing around the computer. At this time only mainframe computers were used and few people had the skills and abilities to program computers. This began to change in the mid-1960s with the introduction of new, smaller and less expensive machines. This increased the use of computers in businesses and with it came the need for auditors to become familiar with EDP concepts in business. Along with the increase in computer use, came the rise of different types of accounting systems. The industry soon realized that they needed to develop their own software and the first of the generalized audit software (GAS) was developed. In 1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing. The result of this was the release of Auditing & EDP. The book included how to document EDP audits and examples of how to process internal control reviews.
Around this time EDP auditors formed the Electronic Data Processing Auditors Association (EDPAA). The goal of the association was to produce guidelines, procedures and standards for EDP audits. In 1977, the first edition of Control Objectives was published. This publication is now known as Control Objectives for Information and related Technology (CobiT). CobiT is the set of generally accepted IT control objectives for IT auditors. In 1994, EDPAA changed its name to Information Systems Audit and Control Association (ISACA). The period from the late 1960s through today has seen rapid changes in technology from the microcomputer and networking to the internet and with these changes came some major events that change IT auditing forever.
The relentless advance of IT and the unparalleled ability to access, manipulate and use information has brought enormous benefits and opportunities to the global economy (ISACA). It has also brought unparalleled new risks, ethical dilemmas, and a confounding patchwork of existing and pending laws and regulations, as well as social changes and related issues such as telecommuting and increased mobility.
Executive management is increasingly confronted by the need to stay competitive in the global economy and heed the promise of greater gains from the deployment of more information resources. But even as organisations reap those gains, the twin spectres of increasing dependence on information and the systems that support it and advancing risks from a host of threats are forcing management to face difficult decisions about how to effectively address information security. In addition, scores of new and existing laws and regulations are increasingly demanding compliance and higher levels of accountability.
Information security related to privacy of information, and information security itself, addresses the universe of risks, benefits and processes involved with information, and must be driven by executive management and supported by the board of directors.
Information security governance according to IT Governance Institute (2003) is the responsibility of the board of directors and executive management, and must be an integral and transparent part of enterprise governance. Information security governance consists of the leadership, organisational structures and processes that safeguard information. As in the case of controls, nothing has changed with respect to the basic premise of information as an asset. What has changed is the platform and repositories used for collecting, processing and storing information. This explains why the board and executive management continue to be responsible and accountable for the organisation’s most valuable asset, which is information.
1.2 STATEMENT OF THE PROBLEM
The following lists of the statement of the problem are not exclusive but give an insight into the number and magnitude of these problems:
There is the problem of knowledge gap in the dynamics of Information Systems Audit i.e. people have failed to update themselves on the current issues as it relates with Information Systems Audit. There is also the problem of non-chalant attitude on the part of some of the Information System Auditors who have refused to do in-depth work in the course of their job.
1.3 AIMS OF THE STUDY:
The aim of this project is to:
(a) To understand the concept of Information Technology and Systems audit in the financial sector of Nigeria and how it plays a very important role especially in the banking sector
(b) To show the relevance of information technology and systems audit in First Bank.
1.4 OBJECTIVES OF THE STUDY
The objectives of the study are:
To ascertain that Security provisions protect computer equipment, programs, communication and data from unauthorized access, modifications or destruction. To ascertain program development and acquisition are performed in accordance with management’s general and specific authorization. To determine an overview of Information Technology Audit. To ascertain the types of Information Technology Audit. To examine Information Systems Audit process. To establish the relationship Information Technology and Systems Audit.
1.5 RESEARCH METHODOLOGY
Questionnaire was designed and administered to collect data which was analysed to solve some research questions and hypothesis. Methods or analysis are based on simple percentage and chi-square analysis.
1.6 RESEARCH QUESTIONS
Answers to the following questions will serve as solutions to the statement of the problems.
Does the organisation carry out her systems audit using the current control objectives? Does the organisation depend on their system for effectiveness? The information system personnel employed in the company are highly skilled and have good educational background. Are all passwords changed regularly especially the system administrator’s? Does the organisation have adequate third party technology support? Does the company encourage continuing technology education? Does the organisation have backup systems to save vital information? Does the company carry out hardware review evaluation on a periodic basis? Does the organisation carry out software review evaluation? Does the company assess the risk of server going down and upgrading it?
1.7 RESEARCH HYPOTHESES
H0 Information Technology and Systems Audit has a positive influence on the Banking sector in Nigeria.
H1 Information Technology and Systems Audit does not have a positive influence on the Banking sector in Nigeria.
H0 Systems Audit has a positive impact on the computer systems security and information security within an organisation.
H1 Systems Audit does not have any impact on computer systems security and information security within an organisation.
1.8 SIGNIFICANCE OF THE STUDY:
The impact of information technology in business in terms of information and as a business enabler. It has increased the ability to capture, store, analyze, and process tremendous amounts of data and information, which has increased the empowerment of the business decision maker.
2 Professional associations and organizations, and government entities recognized the need for IT control and audit ability.
3 Corporate and information processing management recognized that computers were key resources for competing in the business environment and similar to other valuable business resource within the organization, and therefore, the need for control and audit ability is critical.
4 The need by Auditor to use computers to perform attested function.
5 To ensure integrity of information system and reporting of organisation finances to
avoid and hopefully prevent future financial fiasco
1.9 LIMITATIONS/SCOPE OF THE STUDY:
The scope of this study was limited to First Bank of Nigeria Plc a financial institution. It focused on the relevance of information technology in information system audit.
The limitations encountered in the study are as follows:
The problem of classified information which has affected the research of the study. Some respondents did not return the questionnaires given to them. The data involved in the study is too voluminous for a test of accuracy. Some workers in First Bank were not cooperative and so they could not provide useful information.
1.10 RESEARCH OUTLINE
The study is broken down into 5 chapters and each chapter address the purpose of this paper work:
Chapter 1 Introduction
This should create a picture or overview of what the reader should expect in the study
Chapter 2 Review of Relevant Literature
This would show an in depth explanation into the scope of the study.
Chapter 3 Systems Designs/Design Methodology
This chapter will deal with the methods and procedures used in the research work. It will also describe the design of the study, area of the study, the population, the sample and sampling techniques. The method and instrument of data collection will be examined.
Chapter 4 Analysis of Results
It is concerned with the presentation, analysis and interpretation collected from the research. The analysis is based on findings extracted from the questionnaires that would be distributed.
Chapter 5 Summary, Conclusion and Recommendation
This chapter will summarize, conclude and make recommendations for this write up..