ITTIHAD UNIVERSITY

College of Management & Information Systems

B.S . !rogram in B"siness Information Systems
IT Management for Ser#i e $%erations &'(')*)+,

IT Assignment (
Internal A"-it. Com%lian e& Et/i s an- Ris0 Management

S"1mitte- 1y2 Zubaidah Abdul Rehman (20042080)

I declare that this assignment is my own work, in my own words and it does not include any copy paste or plagiarism issues. I also confirm that I did not copy it from others and I have included all the references.

S"%er#ise- 1y2 Dr. Selma EL-Sheikh

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

(able !) !ntent%

Section 1)
1.1) 1.2)

Introduction 3 3

Overview Purpose and Aim

Section 2)
2.1) 2.2) 2.3)

Discussion Findings 3 !t"ics # '

Internal Audit Compliance

!nterprise $is% &anagement

Section 3)

Conclusion ( Summar)

$e+erences

Zubaidah Abdul Rehman, 200 20!0

Page 2 of 8

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

Se#ti!n *) *.*)

Intr!du#ti!n

+,er,ie-"e pro.ect will contain discussion on internal audit/ et"ics and compliance and

enterprise ris% management. Internal audit are activities conducted 0) an organi1ation +or evaluating t"emselves internall) and it is di++erent +rom e2ternal audit. &ost o+ t"e organi1ations are "aving code o+ et"ics and standards or policies t"at will support t"at et"ical culture and aspects w"ere all t"e emplo)ees s"ould compl) wit" it wit"out +ailure. !nterprise ris% management is 0roader +orm o+ ris% management in+luencing t"e overall operations o+ t"e organi1ation. *.*.*. .ur"!%e, and Aim

-"e purpose o+ t"e pro.ect is to identi+) w"at internal audit/ et"ics and compliance/ and enterprise ris% management are and to ma%e a discussion a0out t"ese terms 0) directl) lin%ing t"em to practical li+e in t"e organi1ational operations. -"ere+ore/ t"e pro.ect is aimed to provide good discussion around t"e various +acts o+ t"ese concepts. Se#ti!n 2) 2.*) Di%#u%%i!n /indin'%

Internal Audit Internal audit is a process t"at involves o0.ective assurance/ independent and

consulting activit). It is designed +or adding value and improving t"e operations o+ an organi1ation. -"ere+ore/ it will 0e "elping t"e organi1ation so t"at t"e) will 0e a0le to accomplis" t"eir o0.ectives set 0) 0ringing disciplined and s)stematic approac" +or evaluating and improving t"e e++ectiveness o+ governance processes/ control and ris% management. -"e internal auditors will 0e evaluating t"e e++ectiveness and e++icienc) o+ t"e organi1ation3s procedures along wit" t"eir related internal controls1.

4owal/ Pari0as. 52663). Co0i- +or Internal Auditors. $etrieved ' Decem0er 2611 +rom "ttp7((www.n)sscpa.org(committees(emergingtec"(co0it.ppt
1

Zubaidah Abdul Rehman, 200 20!0

Page 3 of 8

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

Internal audit is carried out 0) internal auditors +or reporting to t"e Audit Committee o+ t"e 8oard o+ Directors and t"e top management. Some o+ t"e areas o+ internal audit are ma%ing sure emplo)ees are not ma%ing copies o+ so+tware programs 0ecause it is illegal and auditing +or +raud. -"ere+ore/ ever) department will 0e "aving personnel +or conducting audit +unctions o+ t"eir departmental activities assuring and c"ec%ing e++icienc) and e++ectiveness 2. I- auditing is involving t"e evaluation o+ t"e computer3s role suc" as control o0.ectives ac"ievement and audit o0.ectives ac"ievement. -"ere will 0e in+ormation providing suc" as means proving in+ormation and data will 0e availa0le/ secure/ con+idential and relia0le3. In ot"er words/ internal is considered as parallel process incurring 0e+ore e2ternal audit or preparing +or e2ternal audit. -"e in+ormation +or internal audit will 0e coming +rom management in+ormation s)stems/ production or operations/ +inance and accounting/ researc" and development/ mar%eting and management4. -"e personnel conducting internal audit s"ould 0e certi+ied internal auditor. -"e ma.or areas o+ e2am will include 0usiness management s%ills/ in+ormation tec"nolog) and 0usiness anal)sis/ conducting internal audit and its role in control/ ris% and governance 5. -"ere+ore/ an internal auditor will 0e usuall) compan) emplo)ee +or auditing w"et"er organi1ation is compl)ing inline wit" set standards/ policies and procedures6. 2.2)
2

!m"lian#e $ Ethi#%

Strand/ Sim%in/ 8agrano++. 5266#). In+ormation -ec"nolog) Auditing. $etrieved ' Decem0er 2611 +rom "ttp7(("ig"ered0cs.wile).com(legac)(college(0agrano++(69*669##:6(ppt(c"11.ppt Strand/ Sim%in/ 8agrano++. 5266#). In+ormation -ec"nolog) Auditing. $etrieved ' Decem0er 2611 +rom "ttp7(("ig"ered0cs.wile).com(legac)(college(0agrano++(69*669##:6(ppt(c"11.ppt
3

&a%aeva. 52669). Internal Scanning7 Organi1ational Anal)sis. $etrieved ' Decem0er 2611 +rom "ttp7((s0mt.0su.0)(+acult)(ma%aeva;#Cma%aevaS&en;#C<ecture=otes ;#CIntrernal>Scanning>and>Organi1ational>Anal)sis.ppt
9

?urt. 52616). Pro+essional Certi+ications and Career Planning. $etrieved ' Decem0er 2611 +rom "ttp7((www.p"iladelp"ia.edu..o(courses(AIS(C"ap61*.ppt
#

-ur0an/ &c<ean/ @et"er0e. 52666). &anaging In+ormation $esources and Securit). $etrieved ' Decem0er 2611 +rom "ttp7((people."o+stra.edu(<aura>?><all)(0cis961(c"1#.ppt
'

Zubaidah Abdul Rehman, 200 20!0

Page 4 of 8

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

!t"ics are set o+ guiding ideals/ standards or 0elie+s t"at will 0e pervading a group or an individual. -"ere is great importance to computer et"ics 0ecause t"e people are "aving certain +ears and perceptions towards t"e use o+ computer. &ost o+ t"e organi1ations "ave et"ics programs/ code o+ et"ics/ and et"ics audit. An et"ics program will 0e consisting o+ several activities t"at will provide sta++ mem0ers wit" directions to carr) out t"e credo o+ a corporate. @"ere0)/ et"ics audit per+ormed are 0) t"e internal auditors to evaluate compliance 0) t"e sta++ mem0ers. -"e) will 0e auditing per+ormed activities against code o+ et"ics7. -"ere are some issues o+ computer et"ics suc" as internal control integrit)/ unemplo)ment and displacement/ eAuit) in access/ owners"ip o+ propert)/ privac)/ computer misuse/ arti+icial intelligence/ environmental issues/ and securit) and accurac) 8. -"e two approac"es in et"ics are integrit)B0ased approac" and complianceB0ased approac"9. In order to "ave e++ective et"ics compliance/ t"e organi1ation s"ould consider t"e +ollowing107 2.0)
*

!sta0lis"ing compliance procedures and standards/ Assigning top level management/ Avoiding delegating responsi0ilit) w"o are not trustwort")/ Communicating procedures and standards to all emplo)ees/ &onitoring and auditing s)stems +or detecting unet"ical activities/ !n+orcing et"ical standards/ and &a%ing ad.ustments in t"e process o+ et"ical issues.

Enter"ri%e Ri%k &ana'ement

&c<eod/ Sc"ell. 52669). !t"ical Implications O+ In+ormation -ec"nolog). $etrieved ' Decem0er 2611 +rom "ttp7((people."o+stra.edu(<aura>?><all)(0cis961(c"1#.ppt @"eeler/ P. 52663). !t"ics/ Fraud/ and Internal Control. $etrieved ' Decem0er 2611 +rom "ttp7((www.swlearning.com(accounting("all(ais>9e(ppt(c"63.ppt
,

Altman. 5266#). Organi1ational !t"ics and t"e <aw. $etrieved ' Decem0er 2611 +rom "ttp7(("ercules.gcsu.edu(Cdgoings(m%tg31*2(C"ap66'.ppt
:

Stanwic%/ P. 52666). Dnderstanding 8usiness !t"ics. $etrieved ' Decem0er 2611 +rom "ttp7((www.au0urn.edu(Cstanwsd(introtoet"ics.ppt
16

Zubaidah Abdul Rehman, 200 20!0

Page 5 of 8

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

!nterprise ris% management 5!$&) is consisting o+ t"ree areas7 operational ris%s/ speculative ris%s and strategic ris%s. It is muc" 0roader concept considering personnel/ propert) or lia0ilit) loss e2posures11. -"e process o+ !$& will 0e +lowing and ongoing t"roug" an entit) and t"e application will 0e during strateg) setting. -"e design o+ !$& will 0e to identi+) possi0le events t"at mig"t a++ect t"e entit) so t"at t"e) will 0e a0le to prepare ris% management at enterprise level and to provide reasona0le assurance. -"ere are si2 encompassing areas in !$& as s"own in +igure 17

Figure 17 !$& !ncompassing Areas 12 Se#ti!n 0) !n#lu%i!n

$e.da. 52666). Advanced -opics in $is% &anagement. $etrieved ' Decem0er 2611 +rom "ttp7((+acultad.0a)amon.inter.edu(cde"o)os(+inan1as(seguros(+in;26'61(CAP;269.ppt
11

&ula)/ P. 5266'). In+ormation $is% &anagement visBEBvis !nterprise $is% &anagement. $etrieved ' Decem0er 2611 +rom "ttp7((www.assoc"am.org(events(recent(event>'#(Presentation>>>!$&>>>26>9>6'>>>Pravi n>&ula).ppt
12

Zubaidah Abdul Rehman, 200 20!0

Page 6 of 8

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

@e "ave discussed a0out internal audit/ compliance and et"ics/ ris% management. All "ave and pla)s ma.or +unctions in t"e operations o+ organi1ations. -"ere+ore/ internal audit is "elping to accomplis" organi1ational to departmental o0.ectives +or 0ringing improvements. !t"ics is important in t"e 0usiness world and it is in t"e top agenda o+ 0usinesses to ma%e sure t"at sta++ are compl)ing wit" et"ical standards and activities set or initiated. @it"out an e++ective et"ics compliance program/ t"ere is no point +or et"ics. !$& ena0les identi+)ing possi0le events t"at mig"t a++ect t"e 0usiness and it will "elp in managing ris%s e++ectivel) and e++icientl).

Zubaidah Abdul Rehman, 200 20!0

Page 7 of 8

Internal Audit, !m"lian#e$ Ethi#% and Ri%k &ana'ement

Re)eren#e% 1) 4owal/ Pari0as. 52663). Co0i- +or Internal Auditors. $etrieved ' Decem0er 2611 +rom 8agrano++. 5266#). In+ormation -ec"nolog) Auditing. $etrieved ' 2611 +rom

"ttp7((www.n)sscpa.org(committees(emergingtec"(co0it.ppt 2) Strand/ Sim%in/ Decem0er 3) Strand/ Sim%in/ Decem0er

"ttp7(("ig"ered0cs.wile).com(legac)(college(0agrano++(69*669##:6(ppt(c"11.ppt 8agrano++. 5266#). In+ormation -ec"nolog) Auditing. $etrieved ' 2611 +rom

"ttp7(("ig"ered0cs.wile).com(legac)(college(0agrano++(69*669##:6(ppt(c"11.ppt 9) &a%aeva. 52669). Internal Scanning7 Organi1ational Anal)sis. $etrieved ' Decem0er 2611 +rom "ttp7((s0mt.0su.0)(+acult)(ma%aeva;#Cma%aevaS&en;#C<ecture=otes ;#CIntrernal>Scanning>and>Organi1ational>Anal)sis.ppt #) ?urt. 52616). Pro+essional Certi+ications and Career Planning. $etrieved ' Decem0er 2611 +rom "ttp7((www.p"iladelp"ia.edu..o(courses(AIS(C"ap61*.ppt ') -ur0an/ &c<ean/ $etrieved *) &c<eod/ @et"er0e. 52666). &anaging In+ormation $esources and Securit). ' Decem0er 2611 +rom

"ttp7((people."o+stra.edu(<aura>?><all)(0cis961(c"1#.ppt Sc"ell. 52669). !t"ical Implications O+ In+ormation -ec"nolog). $etrieved ' Decem0er 2611 +rom "ttp7((people."o+stra.edu(<aura>?><all)(0cis961(c"1#.ppt ,) @"eeler/ P. 52663). !t"ics/ Fraud/ and Internal Control. $etrieved ' Decem0er 2611 +rom "ttp7((www.swlearning.com(accounting("all(ais>9e(ppt(c"63.ppt :) Altman. 5266#). Organi1ational !t"ics and t"e <aw. $etrieved ' Decem0er 2611 +rom "ttp7(("ercules.gcsu.edu(Cdgoings(m%tg31*2(C"ap66'.ppt 16) Stanwic%/ P. 52666). Dnderstanding 8usiness !t"ics. $etrieved ' Decem0er 2611 +rom "ttp7((www.au0urn.edu(Cstanwsd(introtoet"ics.ppt 11) $e.da. 52666). Advanced -opics in $is% &anagement. $etrieved ' Decem0er 2611 +rom "ttp7((+acultad.0a)amon.inter.edu(cde"o)os(+inan1as(seguros(+in;26'61(CAP;269.ppt 12) &ula)/ P. 5266'). In+ormation $is% &anagement visBEBvis !nterprise $is% &anagement. $etrieved avin>&ula).ppt ' Decem0er 2611 +rom "ttp7((www.assoc"am.org(events(recent(event>'#(Presentation>>>!$&>>>26>9>6'>>>Pr

Zubaidah Abdul Rehman, 200 20!0

Page 8 of 8