[kictanet] CBK lacks tech savvy team to survey local lenders
Walubengo J
jwalu at yahoo.com
Wed Apr 27 19:19:47 EAT 2016
+1 Kivuva,
There are some Business/Commerce Graduates/Accountants with CISA qualifications who can do some pretty good IS-Audits. But more often than not, these are those with an extra IT background e.g Diplomas in IT or what used to be the pre-univ IT course IMIS or IDPM during the late 90s/early 2000s.
Strictly speaking, IS- Audits are quite complex EVEN for IT/CS graduates with CISA qualifications.
Bottom line is for each IS Auditor to acknowledge their weak areas and rope in the necessary competencies to complement their gaps. Something that requires honesty or humility. Most practicing IS auditors may not want to concede on this point (nor share the money) and subsequently go ahead and sign off IS-Audits report that are not value adding to the client.
I call this a 'Checklist-Audit' rather than an IS-Audit. Perhaps that is what CBK has been getting and accepting from the banks who know that CBK may not bother to dig deeper into these IS Audit reports.
walu.
From: Mwendwa Kivuva via kictanet <kictanet at lists.kictanet.or.ke>
To: jwalu at yahoo.com
Cc: Mwendwa Kivuva <Kivuva at transworldafrica.com>; KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Sent: Wednesday, April 27, 2016 6:38 PM
Subject: Re: [kictanet] CBK lacks tech savvy team to survey local lenders
Dr Waudo, you are correct in that assertion, but just partially. Remember the IFMIS system "hacking" that happened a year ago? A very highly placed person made allegations that systems were compromised, etc. Some years back, the Minister of Finance claimed of a "software bug" that inserted a typing error into his budget figures. There was also such reports from KNEC on "software bugs".If you are an ICT expert, you would always be able to read in between the line. And that is where ICT AUDITORS need to curve their niche. Not just cross over auditors, but ICT pros.Regards On Apr 27, 2016 6:40 PM, "waudo siganga" <emailsignet at mailcan.com> wrote:
Hi Kivuva, My understanding, although of course open to correction, is that IT Systems Auditors are essentially certified auditors with specialist training and skills to audit "through" and "around" IT systems. I would envisage someone with an auditing qualification backed up with a supplementary qualification is systems auditing but at the end of the day this person is an AUDITOR. In addition the training for today's certified auditors already includes systems audit as a subject. So the key skill is auditing, supplemented by systems knowledge. If this is the case then these professionals are already covered under statutory provisions. Waudo On Wed, Apr 27, 2016, at 04:25 PM, Mwendwa Kivuva via kictanet wrote:
On 27 April 2016 at 16:12, Paul Roy <roykoikai at gmail.com> wrote:
Last - As long as I am a the helm of ISACA Kenya, I would like to open up our doors to the various experts within the industry who are willing to retrain IT auditors, IT Security professionals to consider ISACA as an ally. Let us work together, talk to me, come for one of the evening talks and let us grow and strengthen the profession.
Hi Paul, Thanks for the elaborate reply. My main concern is if it's legislated that people with valid IT Systems Audit certifications are the only ones doing IT audits for public interest organisations. The way only Lawyers can only do certain duties, or CPAs. Is this something feasible? Regards
______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh
_______________________________________________kictanet mailing listkictanet at lists.kictanet.or.kehttps://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20160427/97d93469/attachment.htm>
More information about the KICTANet
mailing list