This research tends to examine information technology and systems audit with reference to First Bank Nigeria Plc.
The research employ survey design and a
simple random sampling technique was adopted for selection of
respondents the questionnaires were administered to. A sample of twenty
(20) was drawn from the entire population.
Data gathered from the respondents were
presentated on tables in percentage. Two hypotheses were formulated and
tested with use of Chi-square analysis. The results of the test shows
that Information Technology and Systems Audit has a positive influence
on the Banking sector in Nigeria and Systems Audit has a positive impact
on the computer systems security and information security within an
Recommendations were proffered to banks to implore the use of information technology.
TABLE OF CONTENT
CHAPTER 1 INTRODUCTION
1.1 Background Information
1.2 Statement of the problem
1.3 Aims of the study
1.4 Objectives of the study
1.5 Research Methodology
1.6 Research Questions
1.7 Research Hypotheses
1.8 Significance of the Study
1.9 Limitations/Scope of the Study
1.10 Research Outline
CHAPETR 2 REVIEW OF LITERATURE
2.2 An overview of Information Technology Audit
2.3 Types of Information System
2.4 Information Systems Audit Process
2.5 Information technology and Systems Audit
2.6 Objectives of Information Systems Audit
2.7 Information System Audit Methodology
2.8 Summary of Related Literature
CHAPTER 3 RESEARCH METHODOLOGY
3.1 Research Design
3.2 Research Population
3.3 Tools for collecting data
3.4 Data Analysis and Procedures
CHAPTER 4 DATA PRESENTATION AND ANALYSIS
4.2 Demographic Data of respondents
4.3 Analysis of Research Questions
4.4 Analysis of Research Hypotheses
CHAPTER 5 SUMMARY OF FINDINGS, CONCLUSION AND RECOMMENDATION
5.1 Summary of Findings
1.1 BACKGROUND INFORMATION
to Information Systems Audit and Control Association (ISACA) was defined
as data endowed with meaning and purpose. Today, information plays an
increasingly important role in all aspects of our lives. Information has
become an indispensable component for conducting business for virtually
all organizations. In a growing number of companies, information is the
business. Some might not think of software as information, but it is
simply information for computers on how to operate or process something.
In addition, a significant amount of data is created and distributed by
end users without involving the IT organisation.
Traditional organisations have undergone
radical transformations in the information age as well. The graphic
arts and printing industry, for example, deals almost entirely with
information in digital form. Artwork and masters are no longer physical
drawings on pieces of film but blocks of information stored on hard
disks. Finally, many other organisations continue to strive for a
paperless environment as well.
It would be difficult to find a business
that has not been touched by information technology and is not
dependent on the information it processes. Information systems have
become pervasive in global society and business, and the dependence on
these systems and the information they handle is arguably absolute. The
trend of escalating value of and dependence on information has increased
Information Technology Auditing (IT auditing) began as Electronic Data Process (EDP). Auditing are developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computers
on the ability to perform attestation services. The last few years have
been an exciting time in the world of IT auditing as a result of the accounting
scandals and increased regulation. IT auditing has had a relatively
short yet rich history when compared to auditing as a whole and remains
an ever changing field.
The introduction of computer technology into accounting systems changed the way data was stored, retrieved and controlled. It is believed that the first use of a computerized accounting system was at General Electric in 1954. During the period of 1954 to the mid-1960s, the auditing profession was still auditing around the computer. At this time only mainframe computers were used and few people had the skills and abilities to program computers.
This began to change in the mid-1960s with the introduction of new,
smaller and less expensive machines. This increased the use of computers
in businesses and with it came the need for auditors to become familiar with EDP concepts in business.
Along with the increase in computer use, came the rise of different
types of accounting systems. The industry soon realized that they needed
to develop their own software and the first of the generalized audit software (GAS) was developed. In 1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing. The result of this was the release of Auditing & EDP. The book included how to document EDP audits and examples of how to process internal control reviews.
Around this time EDP auditors formed the
Electronic Data Processing Auditors Association (EDPAA). The goal of
the association was to produce guidelines, procedures and standards for
EDP audits. In 1977, the first edition of Control Objectives was published. This publication is now known as Control Objectives for Information and related Technology
(CobiT). CobiT is the set of generally accepted IT control objectives
for IT auditors. In 1994, EDPAA changed its name to Information Systems
Audit and Control Association (ISACA). The period from the late 1960s through today has seen rapid changes in technology from the microcomputer and networking to the internet and with these changes came some major events that change IT auditing forever.
The relentless advance of IT and the
unparalleled ability to access, manipulate and use information has
brought enormous benefits and opportunities to the global economy
(ISACA). It has also brought unparalleled new risks, ethical dilemmas,
and a confounding pathwork of existing and pending laws and regulations,
as well as social changes and related issues such as telecommuting and
Executive management is increasingly
confronted by the need to stay competitive in the global economy and
heed the promise of greater gains from the deployment of more
information resources. But even as organisations reap those gains, the
twin spectres of increasing dependence on information and the systems
that support it and advancing risks from a host of threats are forcing
management to face difficult decisions about how to effectively address
information security. In addition, scores of new and existing laws and
regulations are increasingly demanding compliance and higher levels of
Information security related to privacy
of information, and information security itself, addresses the universe
of risks, benefits and processes involved with information, and must be
driven by executive management and supported by the board of directors.
Information security governance
according to IT Governance Institute (2003) is the responsibility of the
board of directors and executive management, and must be an integral
and transparent part of enterprise governance. Information security
governance consists of the leadership, organisational structures and
processes that safeguard information. As in the case of controls,
nothing has changed with respect to the basic premise of information as
an asset. What has changed is the platform and repositories used for
collecting, processing and storing information. This explains why the
board and executive management continue to be responsible and
accountable for the organisation’s most valuable asset, which is
1.2 STATEMENT OF THE PROBLEM
The following lists of the statement of
the problem are not exclusive but give an insight into the number and
magnitude of these problems:
- There is the problem of knowledge gap in the dynamics of Information
Systems Audit i.e. people have failed to update themselves on the
current issues as it relates with Information Systems Audit.
- There is also the problem of non-chalant attitude on the part of
some of the Information System Auditors who have refused to do in-depth
work in the course of their job.
1.3 AIMS OF THE STUDY
The aim of this project is to:
(a) To understand the concept of
Information Technology and Systems audit in the financial sector of
Nigeria and how it plays a very important role especially in the banking
(b) To show the relevance of information technology and systems audit in First Bank.
1.4 OBJECTIVES OF THE STUDY
The objectives of the study are:
- To ascertain that Security provisions protect computer equipment,
programs, communication and data from unauthorized access, modifications
- To ascertain program development and acquisition are performed in
accordance with management’s general and specific authorization.
- To determine an overview of Information Technology Audit.
- To ascertain the types of Information Technology Audit.
- To examine Information Systems Audit process.
- To establish the relationship Information Technology and Systems Audit.
1.5 RESEARCH METHODOLOGY
Questionnaire was designed and
administered to collect data which was analysed to solve some research
questions and hypothesis. Methods or analysis are based on simple
percentage and chi-square analysis.
1.6 RESEARCH QUESTIONS
Answers to the following questions will serve as solutions to the statement of the problems.
- Does the organisation carry out her systems audit using the current control objectives?
- Does the organisation depend on their system for effectiveness?
- The information system personnel employed in the company are highly skilled and have good educational background.
- Are all passwords changed regularly especially the system administrator’s?
- Does the organisation have adequate third party technology support?
- Does the company encourage continuing technology education?
- Does the organisation have backup systems to save vital information?
- Does the company carry out hardware review evaluation on a periodic basis?
- Does the organisation carry out software review evaluation?
- Does the company assess the risk of server going down and upgrading it?
1.7 RESEARCH HYPOTHESES
H0 Information Technology and Systems Audit has a positive influence on the Banking sector in Nigeria.
H1 Information Technology and Systems Audit does not have a positive influence on the Banking sector in Nigeria.
H0 Systems Audit has a positive impact on the computer systems security and information security within an organisation.
H1 Systems Audit does not have any impact on computer systems security and information security within an organisation.
1.8 SIGNIFICANCE OF THE STUDY
- The impact of information technology in business in terms of
information and as a business enabler. It has increased the ability to
capture, store, analyze, and process tremendous amounts of data and
information, which has increased the empowerment of the business
2 Professional associations
and organizations, and government entities recognized the need for IT
control and audit ability.
3 Corporate and information
processing management recognized that computers were key resources for
competing in the business environment and similar to other valuable
business resource within the organization, and therefore, the need for
control and audit ability is critical.
4 The need by Auditor to use computers to perform attested function.
5 To ensure integrity of information system and reporting of organisation finances to
avoid and hopefully prevent future financial fiasco
1.9 LIMITATIONS/SCOPE OF THE STUDY
The scope of this study was limited to
First Bank of Nigeria Plc a financial institution. It focused on the
relevance of information technology in information system audit.
The limitations encountered in the study are as follows:
- The problem of classified information which has affected the research of the study.
- Some respondents did not return the questionnaires given to them.
- The data involved in the study is too voluminous for a test of accuracy.
- Some workers in First Bank were not co-operative and so they could not provide useful information.
1.10 RESEARCH OUTLINE
The study is broken down into 5 chapters and each chapter address the purpose of this paper work:
Chapter 1 Introduction
This should create a picture or overview of what the reader should expect in the study
Chapter 2 Review of Relevant Literature
This would show an in depth explanation into the scope of the study.
Chapter 3 Systems Designs/Design Methodology
This chapter will deal with the methods
and procedures used in the research work. It will also describe the
design of the study, area of the study, the population, the sample and
sampling techniques. The method and instrument of data collection will
Chapter 4 Analysis of Results
It is concerned with the presentation,
analysis and interpretation collected from the research. The analysis is
based on findings extracted from the questionnaires that would be
Chapter 5 Summary, Conclusion and Recommendation
This chapter will summarize, conclude and make recommendations for this write up.