Data Management Audit Engagements Across Two Countries
| Thesis title: | Data Management Audit Engagements Across Two Countries |
|---|---|
| Author: | Cataffo, Sofia |
| Thesis type: | Diploma thesis |
| Supervisor: | Svatá, Vlasta |
| Opponents: | Kadochová, Lucie |
| Thesis language: | English |
| Abstract: | The aim of this thesis is to develop a Risk And Control Matrix (RACM) for internal auditing in the field of information technology, on the topic of data management. The RACM is the key output of internal audit work, and it consists of a document explaining the risks related to the topic under investigation, how the auditee is expected to face them (through control measures), and the results of testing of those controls. The paper is based on engagements in two legal entities, one established in Croatia and the other one in Bulgaria. The engagements are conducted by a Company based in Czech Republic, with legal entities active throughout Central and Eastern Europe. The author aims at building a RACM to be used in present and future engagements in data management, suitable for entities of all nationalities and capability levels in the region of the company’s activity. This goal is reached with the proposal of a single RACM, which can be used as starting point for audit engagements in IT data management. The key difference between entities is found to be not related to the country of activity, but to the capability and maturity level of the entity’s processes. |
| Keywords: | audit; information technology; internal audit; data management; COBIT 2019 |
| Thesis title: | Data Management Audit Engagements Across Two Countries |
|---|---|
| Author: | Cataffo, Sofia |
| Thesis type: | Diplomová práce |
| Supervisor: | Svatá, Vlasta |
| Opponents: | Kadochová, Lucie |
| Thesis language: | English |
| Abstract: | The aim of this thesis is to develop a Risk And Control Matrix (RACM) for internal auditing in the field of information technology, on the topic of data management. The RACM is the key output of internal audit work, and it consists of a document explaining the risks related to the topic under investigation, how the auditee is expected to face them (through control measures), and the results of testing of those controls. The paper is based on engagements in two legal entities, one established in Croatia and the other one in Bulgaria. The engagements are conducted by a Company based in Czech Republic, with legal entities active throughout Central and Eastern Europe. The author aims at building a RACM to be used in present and future engagements in data management, suitable for entities of all nationalities and capability levels in the region of the company’s activity. This goal is reached with the proposal of a single RACM, which can be used as starting point for audit engagements in IT data management. The key difference between entities is found to be not related to the country of activity, but to the capability and maturity level of the entity’s processes. |
| Keywords: | audit; internal audit; data management; COBIT 2019; information technology |
Information about study
| Study programme: | Information Systems Management |
|---|---|
| Type of study programme: | Magisterský studijní program |
| Assigned degree: | Ing. |
| Institutions assigning academic degree: | Vysoká škola ekonomická v Praze |
| Faculty: | Faculty of Informatics and Statistics |
| Department: | Department of Systems Analysis |
Information on submission and defense
| Date of assignment: | 2. 11. 2022 |
|---|---|
| Date of submission: | 29. 4. 2023 |
| Date of defense: | 29. 5. 2023 |
| Identifier in the InSIS system: | https://insis.vse.cz/zp/82607/podrobnosti |