Methods and Techniques of Quality Management for ICT Audit Processes

In modern organizations, Information and Communication Technologies are used to support the organizations’ activities. To manage the quality of the organization processes, audit processes are implemented. Also, the audit processes can aim the quality of ICT systems themselves because their involvement in organization processes. The paper investigates the ways in which a quality management can be applied for audit processes in order to obtain a high level of quality for the audit recommendations. Key-Words: ICT audit, quality management, quality implementation. 1. ICT Audit Process Framework In [3], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16] and [17], the computer audit terminology, framework, methodologies, audit methods and techniques are highlighted. The audit concept signifies evaluation of an organization’s processes and controls. The evaluation is made against standards or documented processes. As result, an independent assessment is provided to evaluate the system or process [18]. IT security audit is a form of the computer audit during which controls regarding the IT security of the system or process are implemented. It represents a systematic evaluation of the IT system or process security to evaluate the measure in which it is conformed to the established criteria. Depending on who does audits, the computer audit has two forms:  Internal audit – is made by audit team that belongs to the organization; the audit reports represents a tool for senior management to adjust the system or processes to documented specifications or organization’s strategies; internal audit reports contain advices and other opinions about the state of the audited system or processes; the internal audit team has limited capabilities to investigate the all aspects, and the audit restricts advices to the competencies of the audit team;  External audit – is made by an independent audit team; this team has not the capability to alter or update the audited system or processes [18]; a set of accepted principles must be considered to lead the audit client to how the system should look like; such a framework is represented by COBIT to indicate the maturity of the system against the external standards. COBIT is a control framework to research, develop, publicize and promote IT governance [5]. Management wants to know more information about IT&C field to understand how IT systems are operated to increase the competitive advantages of the organization. IT systems increase benefits of an organization and introduce new risks that should be understood by management. A control framework should be considered to ensure the following elements [5]: Journal of Mobile, Embedded and Distributed Systems, vol. III, no. 3, 2011