Today there is a growing demand for IT-auditors. Many organizations depend on information and communication technology for their day-to-day operations. Continued availability of this technology is a requirement for survival. Managers rely on the security of their networks and computer systems. Fortunately they can make use of the expert judgement and advice of an IT-auditor, concerning the strengths and weakness of the IT-support of their organization.
NOREA is the professional association for IT-auditors in the Netherlands.
At present, NOREA has over 1500 registered members, the Registered EDP Auditors (RE's). All have met explicit requirements for registration. These requirements include the successful completion of a recognized post graduate course on IT-auditing. NOREA’s members have the professional resources to tackle a wide range of assignments.
RE's audit and advise on the quality of the IT-support of the organization. Key perspectives for the IT-audit and advise are effectiveness, efficiency, manageability, continuity, integrity, security and auditability.
NOREA works to create a greater recognition of the importance of IT-auditing, to improve the standards of practice of the RE and to provide the necessary additionals training of its members. NOREA operates in many national committees on IT-issues, published a Dutch language quarterly magazine "De EDP-Auditor", defines auditing standards of practice and organizes conferences and workshops.
The significance of Information Technology
Automation, electronic data processing (EDP), information technology (IT) are three concepts which refer to the same evolving phenomenon. A world without IT has now become unimaginable. The problems, that all manner of organizations have faced in the transition to the new millennium, underline the extent of our massive dependence upon computer systems. Strategic and operational tasks are almost impossible carry ouit effectively without IT. IT is not only become an essential part of internal processes but it is also crucial to the maintenance of relationships between businesses, their suppliers and their customers. Indeed society as a whole now recognizes its vulnerability. Directors and managers, who bear the responsibility for automated processes, require sound information and advice on the quality of the IT-support. Qualified IT-auditors (Res) are the people best equipped to audit and advise on the vulnerabilities.
The task of the IT auditor
The qualified IT auditor provides impartial assessment and advice on the quality aspects of IT, aspects such as reliability, security, continuity, confidentiality, efficiency and effectiveness. The IT auditor works under the direct authority of management or senior management but can also provide direct support for an accountant. The assessments made and advice given cover the following aspects of IT:
- Information strategy
- Information management and information technology
- Information systems
- Technical systems
- Processing systems
- Operational support
The profession of IT auditor calls for expertise in the field of information technology, provision of management information and organization. IT auditors are also familiar with research methods and techniques, testing and risk assessment. They also know all about the cost of IT and are often able to bring specific skills to bear in a number of application areas. The social relevance of IT raises the stakes in terms of the quality expected from IT auditors in carrying out their assignments.
The role of NOREA
NOREA considers contributing to the expertise of its members that they can operate in accordance with recognized rules for professional good practice. The expertise of qualified IT auditors is assured in a number of ways. NOREA membership is only open to candidates who have successfully completed a graduate or postgraduate course in IT auditing and who have at least three years’ experience in the profession. Once the expertise of the candidate in question has been positively evaluated and they have agreed to abide by the rules of the profession, their name can be added to the public register. This allows them to place the letters ‘RE’ after their name as an indication of the protected title which denotes their level of expertise. After their registration, the IT auditors are required to devote a minimum amount of time to permanent education.
In addition to these requirements, NOREA imposes a number of other rules in the interests of sound professional practice:
- Rules of the profession and code of conduct
- Guidelines and recommendations
- An independent tribunal for dealing with complaints and disputes.
This way of working provides both the individual customer and society as a whole with a guarantee of the level of expertise which qualified IT auditors represent.
NOREA also organizes regular conferences and seminars about the profession for its members and interested parties, as well as encouraging the publication of professional articles and reports. NOREA also publishes its own quarterly journal, 'the EDP Auditor'.
In addition to registered members, NOREA also has prospective members and associate members.
NOREA, the professional association for IT-auditors
Antonio Vivaldistraat 2-8
P.O. Box 7984
1008 AD Amsterdam
Tel: +31 (0)20 3010380
Fax: +31 (0)20 3010302