Abstract:

The purpose of auditing an information system is to assess, for the
organization's management among others, whether the system functions in the
way it was intended. Because of the speed of technology developments and the
increasing complexity of infrastructures and information systems, auditing
information systems is becoming more and more difficult. Knowledge of many
aspects of information technology is required in order to give an opinion on
the quality of information systems. Since it is nearly impossible to combine
all this expertise in one person, cooperation between several disciplines is
necessary. This paper will give an introduction to the different aspects of
IT auditing in general and will demonstrate the difficulties that IT auditors
face when, for example, auditing an electronic commerce information system.
It concludes by discussing trends in information technology, control
theories and IT auditing and by suggesting solutions for the problems that
auditors face.

CV:

Since 1993, Leon Strous has been an EDP auditor in the internal auditing
department of De Nederlandsche Bank (DNB), the central bank of the
Netherlands. Before joining DNB he worked for eight years at the Philips
Electronics company in different functions in the areas of administrative
organization, internal control and information security. He is a member
of NOREA (Dutch Association of Registered Edp-Auditors), NGI (Dutch Computer
Society), ISACA (Information Systems Audit and Control Association) and the
ACM (Association for Computing Machinery). He is the country representative
for the Netherlands in IFIP TC-11 (the technical committee on security of the
International Federation for Information Processing) and chairman of working
group 11.5 on Integrity and Internal Control in Information Systems. He is
also chairing an NGI working group on security evaluation criteria.