Data Management Audit Engagements Across Two Countries
| Název práce: | Data Management Audit Engagements Across Two Countries |
|---|---|
| Autor(ka) práce: | Cataffo, Sofia |
| Typ práce: | Diploma thesis |
| Vedoucí práce: | Svatá, Vlasta |
| Oponenti práce: | Kadochová, Lucie |
| Jazyk práce: | English |
| Abstrakt: | The aim of this thesis is to develop a Risk And Control Matrix (RACM) for internal auditing in the field of information technology, on the topic of data management. The RACM is the key output of internal audit work, and it consists of a document explaining the risks related to the topic under investigation, how the auditee is expected to face them (through control measures), and the results of testing of those controls. The paper is based on engagements in two legal entities, one established in Croatia and the other one in Bulgaria. The engagements are conducted by a Company based in Czech Republic, with legal entities active throughout Central and Eastern Europe. The author aims at building a RACM to be used in present and future engagements in data management, suitable for entities of all nationalities and capability levels in the region of the company’s activity. This goal is reached with the proposal of a single RACM, which can be used as starting point for audit engagements in IT data management. The key difference between entities is found to be not related to the country of activity, but to the capability and maturity level of the entity’s processes. |
| Klíčová slova: | audit; information technology; internal audit; data management; COBIT 2019 |
| Název práce: | Data Management Audit Engagements Across Two Countries |
|---|---|
| Autor(ka) práce: | Cataffo, Sofia |
| Typ práce: | Diplomová práce |
| Vedoucí práce: | Svatá, Vlasta |
| Oponenti práce: | Kadochová, Lucie |
| Jazyk práce: | English |
| Abstrakt: | The aim of this thesis is to develop a Risk And Control Matrix (RACM) for internal auditing in the field of information technology, on the topic of data management. The RACM is the key output of internal audit work, and it consists of a document explaining the risks related to the topic under investigation, how the auditee is expected to face them (through control measures), and the results of testing of those controls. The paper is based on engagements in two legal entities, one established in Croatia and the other one in Bulgaria. The engagements are conducted by a Company based in Czech Republic, with legal entities active throughout Central and Eastern Europe. The author aims at building a RACM to be used in present and future engagements in data management, suitable for entities of all nationalities and capability levels in the region of the company’s activity. This goal is reached with the proposal of a single RACM, which can be used as starting point for audit engagements in IT data management. The key difference between entities is found to be not related to the country of activity, but to the capability and maturity level of the entity’s processes. |
| Klíčová slova: | audit; internal audit; data management; COBIT 2019; information technology |
Informace o studiu
| Studijní program / obor: | Information Systems Management |
|---|---|
| Typ studijního programu: | Magisterský studijní program |
| Přidělovaná hodnost: | Ing. |
| Instituce přidělující hodnost: | Vysoká škola ekonomická v Praze |
| Fakulta: | Fakulta informatiky a statistiky |
| Katedra: | Katedra systémové analýzy |
Informace o odevzdání a obhajobě
| Datum zadání práce: | 2. 11. 2022 |
|---|---|
| Datum podání práce: | 29. 4. 2023 |
| Datum obhajoby: | 29. 5. 2023 |
| Identifikátor v systému InSIS: | https://insis.vse.cz/zp/82607/podrobnosti |