Find in Library

An Information Systems (IS) Auditor performs several audit related functions in a Small and Medium Enterprise (SME) such as preparation of a written IS audit procedure, comparison of actual IS configuration with documented configuration standards, assess whether IS assets are secure, check the access rights for users and system services, check for the presence of IS security procedures and finally analyze transactions in an information system. The current work focuses on a quantitative approach to measure the effectiveness of the IS audit functions in selected small and medium enterprises. The variations in KPI scores between sectors and regions are analyzed for the sample SMEs. Finally, the operational best practices for IS Auditors working in SMEs are suggested.