Especialización en Auditoria de sistemas

Permanent URI for this collection

https://repositorio.uan.edu.co/handle/123456789/2240

Browse

Now showing 1 - 20 of 44

Retos y Oportunidades de la Auditoría de Sistemas Basada en Inteligencia Artificial y Aprendizaje Automático
(Universidad Antonio Nariño) Collante Herrera, Jesús Miguel; Mayorga Galarza, Mario Fernando
This article discusses the challenges and opportunities of implementing artificial intelligence and machine learning in the field of systems auditing. Technological advancements have transformed the way businesses operate, and AI and ML can enable automating tasks, analyzing large volumes of data, reducing errors, increasing operational efficiency, and reducing costs.
Evaluación del cumplimiento de los elementos de control en las transacciones y operaciones Business to Business to Consumer to Consumer (B2B2C2C)
(Universidad Antonio Nariño) Pinto Bautista, Hey Lens Jair; Oliveros Parra, Katherin Vanessa; Alfonso Combita, Dora Jeaneth
In view of the notable rise of e-commerce and B2B2C2C business models, the central purpose of this article is to provide a detailed description of how they work, examine in detail the components that must be taken into account when carrying out an audit and evaluate compliance with the elements subject to control in Business to Business to Consumer to Consumer transactions and operations.
Evolución de la auditoría de Sistemas en la era digital
(Universidad Antonio Nariño) Sánchez Hernández, Manuel Eduardo; Robles Bolívar, Catherine Paola; Arenas Correa, Hernan Dario
This academic article examines the evolution of systems auditing in response to technological advances and the increasing complexity of computer systems. The technological transformations that promoted the transition to the digital era and their impact on the management and security of computer systems are highlighted. The critical role of systems auditing in ensuring cybersecurity, data protection and regulatory compliance in a highly interconnected digital context is analyzed. Additionally, key recommendations for system auditing are provided in relation to emerging technologies such as quantum computers.
Guía para evaluar un programa de cumplimiento en la Nube
(Universidad Antonio Nariño) García Gutiérrez, Jorge Wilmar; Gómez Escallón, Juan Felipe; Alfonso Combita, Dora Jeaneth
This article is designed to help the reader understand and strengthen their compliance initiatives in cloud environments. To do this, it begins with the contextualization of cloud computing, then goes deeper into the documentation related to the different components of a compliance program, as well as the challenges that companies face in its implementation, and ends with a proposal to evaluating your compliance program. This is done using the CSA cloud controls matrix and the COBIT governance framework performance management process.
La importancia de la auditoría de sistemas en el comercio electrónico
(Universidad Antonio Nariño) Umaña Martínez, Camilo Hernán; Mayorga Galarza, Mario Fernando
The article describes in a very general way the importance and benefits of carrying out a systems audit of e-commerce, which is exposed to new risks that affect organizations that chose to adapt to the system, this allowing cybercriminals to generate different methods of fraud and benefit from vulnerabilities, when these risks are detected, organizations are alerted with recommendations that they can implement to increase their security, It is explained how the ISO 19011:2018 guidelines for the audit of management systems allows the systems auditor to carry out an audit efficiently according to its principles, capabilities and requirements necessary to perform it, the article also highlights the growth that e-commerce has had in Colombia in recent years and the regulations that currently govern it, It is explained that systems auditing is a tool that is used to help e-commerce by evaluating the risks and controls that are part of information systems and how when carrying out these evaluations, recommendations arise to improve security, regulatory compliance, performance and user confidence
Guía Para La Ejecución De Una Auditoria De Sistemas A La Plataforma Secop (Sistema Electrónico De Contratación Pública)
(Universidad Antonio Nariño) Vega Pacaya, Alex Alvaro; Arenas Correa, Hernán Dario
The SECOP, Electronic System for Public Procurement, is an online platform used in Colombia to manage and publish the State's public procurement processes. In order to comply with Law 1712 of 2014, which seeks to regulate the right of access to public information, the procedures for the exercise and guarantee of the right and the exceptions to the publicity of information. For this reason, the publication of contracts in the SECOP is necessary.
Metaverso: El nuevo reto para los auditores
(Universidad Antonio Nariño) Callejas Orrego, Luisa Fernanda; Roa Barón, Nydia Esperanza; Alfonso Combita, Dora Janeth
The metaverse is a digital environment that simulates spaces that mimic the real world allowing users to interact in it. Through the use of Virtual Reality (VR) making it easier for them to immerse themselves in digital environments using software that copies the world with the help of virtual reality helmets making them experience immersion in these new worlds;Augmented Reality (AR) modifies the vision of reality through inputs produced by an electronic device (Internet of Things - IoT) and Mixed Reality (MR) anchors the virtual objects of the world in which they live and thus can interact.
Guía para realizar una Auditoría al Sistemas de Gestión de Seguridad de la Información desarrollada bajo la NTC-ISO/IEC 27001:2013
(Universidad Antonio Nariño) Guzmán Díaz, Jorge Mario; Mayorga Galarza, Mario Fernando
An Information Security Management System (ISMS) is crucial for protecting an organization's information assets. To effectively implement it, risks must be identified and evaluated, appropriate policies and procedures established, and clear responsibilities assigned.The NTC-ISO/IEC 27001 (ICONTEC, 2013), COBIT5, or MAGERIT standards can be employed for its implementation. The audit of the ISMS, based on ISO/IEC 27007 (ISO, 2020), assesses compliance and effectiveness through documentation review, interviews, and technical testing.
¿La Auditoria De Sistemas Como La Profesión Infaltable En Una Organización?
(Universidad Antonio Nariño) Sobrino Torres, Fabian Isaac; Mayorga Galarza, Mario Fernando
The Systems Audit is a process of evaluation, verification, validation and compliance, which is responsible for diagnosing, identifying the activities that are carried out in the areas of the organizations and with greater emphasis on the areas of technology. Although in the 21st century, these areas have taken on relevant importance, because organizations, in order to evaluate their processes, and see how their internal X-ray is, and try to minimize the risk, have chosen to have the audit of systems, whether internal or external.
Guía de verificación para el auditor, sobre el nivel de cumplimiento de la política de Gobierno Digital (Habilitador de Arquitectura)
(Universidad Antonio Nariño) González Giraldo, Carlos Alberto; Guerra Brango, Jose Angel; Arenas Correa, Hernán Dario
The Colombian government developed the digital government policy to be adopted by public entities, but its adoption has generated in the entities situations of saturation and confusion of the standard and deficient and non-objective evaluations by the auditor. For this reason it is necessary to develop a verification guide for the auditor, which allows him to measure the level of compliance with the architecture enabler of the digital government policy and its management model, adopting a method of qualitative documentary research, analysis and observation techniques through which to explain and describe the principles, domains, guidelines, guidelines and deliverables that comprise it and the construction of a working paper for the auditor that allows him to measure effectively and efficiently the adoption of the policy.
Auditoria Informática Forense en el plagio de derecho de autor.
(Universidad Antonio Nariño) Sánchez Baquero, Lina María; Mayorga Galarza, Mario Fernando
he Forensic Audit is a tool that can help in the prevention and detection of incidents related to the plagiarism of intellectual property. In particular, preventive activities make it possible to reduce this risk within organizations, avoiding economic and reputational effects; and also, to optimally react and manage an incident of this type by implementing appropriate computer forensic techniques.
La importancia de la automatización de la auditoría de sistemas a través de procesos robóticos (RPA)
(Universidad Antonio Nariño) Cárdenas Castillo, Claudia Jannethe; Casalins Jiménez, Juan Roberto; Arenas Correa, Hernán Darío
Automation (RPA), to expose the state of the art, to interpret the usefulness, and to conclude on the importance of applying RPA during the execution of the systems audit process. The absence or ignorance of handling emerging technologies such as RPA in systems auditing places the auditor at a competitive disadvantage against market demands, this impact has a negative impact on factors such as efficiency, productivity, quality of results and costs in the required tasks.
Recomendaciones para la Realización de una Auditoría Efectiva de Sistemas de Forma Remota
(Universidad Antonio Nariño) Villareal Ariza, Yennys María; Quintero Vega, Ronal Fernando; Alfonso Combita, Dora Janeth
This work aims to inform the reader of the necessary requirements to perform a remote systems audit; describe the technological tools that can be used to perform and that contribute to this work environment, applying the quality standards required by ISO 9001:2015, in order to facilitate its effectiveness; mention the guidelines in order to achieve the proposed objectives, identifying if the organization is viable or has the technological infrastructure for its realization, taking as references methodologies and recommendations of auditing firms and certifying entities It is hoped that this document will be useful and that it can guide organizations and auditors in conducting remote system audits effectively.
Importancia de las herramientas CAAT's para monitorear el tráfico de red, en la ejecución de una auditoría de sistemas.
(Universidad Antonio Nariño) Ávila Parra, Ana Betsabeth; Lozada Gaviria, Hugo Alberto; Arenas Correa, Hernán Darío
The CAAT's (Computer Assisted Audit Techniques) are a set of techniques and tools, which proposes the improvement of the efficiency, scope and reliability of the analyzes carried out by the auditor. These include pervasive audit software, software utility, test data and expert systems. In the case of utility software, for example, we find those that are focused on monitoring data network traffic, where the amount of information can vary depending on the size of the network and the type. This article aims to make known the benefits and advantages, as well as the general operation of these network monitoring tools, additionally it shows which are the most used in the national and international market, including the projects that They are in the research and development phase.
Evolución de la Auditoría de Sistemas en Colombia
(Universidad Antonio Nariño) Salas Machado, Jaime Alfredo; Mayorga Galarza, Mario Fernando
This article aims to publicize the evolution of the audit of systems in Colombia, what was its possible beginning, its main drivers, see in which certain audit terms that are frequently used today took more strength. How the international audit environment influenced Colombia and what changes brought about the use of technology tools in different areas of the Colombian market and government
Una mirada al proceso de restitución de tierras desde la accountability social
(Universidad Antonio Nariño) Olaya Alvarez, Yeny Paola; Espinosa Giraldo, Yuliet Andrea
The objective of this research is to carry out an analysis of the management and compliance of the land repair process through Social Accountability carried out by the Land Restitution Unit, an entity that was created with Law 1448 of 2011, in charge of the reestablishment of rights and full reparation to all those people who, as of January 1, 1991, were forced to leave their lands as a consequence of the armed conflict that Colombia has experienced for so many years. The type of research that was carried out was of a documentary and exploratory nature, since we went to different sources of information for the development of this study, where the data published in the reports of the aforementioned entity in charge were taken, in such a way that they could determine the degree of progress in this process in its different stages from the entry into force of the Law until December 31, 2021. On the other hand, it is important to highlight the importance of Social Accountability, which consists of the responsibility that we citizens have in carrying out social control of state entities, in such a way that as professionals in accounting sciences, we can support the review of the management of these entities
Formulación de un modelo metodológico para gestionar los riesgos en las aplicaciones móviles.
(Universidad Antonio Nariño) Álvarez Sánchez, Yazmín Lulú; Sanjuan Durán, Andrés Mauricio; Mayorga Galarza, Mario Fernando
In this article the main objective is to propose a methodological model for risk management in the development and implementation of mobile applications for those organizations dedicated to their development. Nowadays, companies recognize the great benefit of using technological solutions to strengthen their business system. Considering the rise of mobile applications, it is necessary to design a methodological model that allows us to manage the risks that may arise when developing and implementing these applications in companies and thus be able to reduce the risk that may arise, because it can have unfortunate consequences within an organization, the risks that can arise are many, this according to the type of mobile applications to which the risks can be managed. The scope of the article is based on the risk problems that arise in mobile applications and the risk management plans that organization that use mobile applications must have for the proper functioning of their organizations. The proposed methodology CVEM, frames the realization of a guide for carrying out risk management in mobile applications within organizations. Among the results obtained is the characterization of risks and their classification, which allowed limiting the scope of the project, subsequently the domains of the ISO 31001 standard (2018 RISK ADMINISTRATION AND MANAGEMENT) were validated in order to find the controls that will cover these vulnerabilities, through the risk management plan.
Guía dada por la auditoría de sistemas en la contratación de tecnología para la implementación de la facturación electrónica.
(Universidad Antonio Nariño) Gacharna Guerrero, Lady Carolina; Santodomingo Rodriguez, Adalberto Rafael; Mayorga Galarza, Mario Fernando
Aporte de la auditoria de sistemas a la implementación de la interoperabilidad del sistema de recaudo electrónico vehicular (IP-REV) definido por el ministerio de transportes para los peajes de colombia
(Universidad Antonio Nariño) Del Castillo Narváez, Jasón; Arenas Correa, Hernán Darío
The Ministry of Transport undertook an interoperability project, and granted a deadline of October 2022. The study aims to answer the question: What are the technical and interoperability specifications required by the Ministry of Transport to certify that the Road and Toll Concessionaire Does it have a technological and computer infrastructure for the Implementation of the IP/REV in the tolls of Casablanca, Oiba, Curití, Curos and Saboyá? It is justified because the product adds value and benefits the stakeholders to know the main items that give rise to understanding, identify technological risks and propose a system audit model that allows mitigating the risks that could arise in the implementation of the electronic system. (IP-REV), to achieve the objective of the project. The theoretical reference focused on the Contractual Obligations, the Regulations such as Laws 80/1993 and 1508/2012, in addition to the background, and technical requirements defined by the Mintransporte for the IP/REV. In order to carry out a systems audit for the implementation of the IP/REV in the tolls of Casablanca, Oiba, Curití, Curos and Saboyá, it is necessary to apply a methodology such as that provided by the ISO 31000 standard (Risk management) and the NTC 5254 standard that provides the guidelines for its realization, in addition to carrying out field and documentary research that contributes to the knowledge of the contexts associated with the operation of interoperability of tolls and the use of procedures, techniques and systems audit tools to carry out the audit
Modelo de auditoría a los acuerdos de niveles de servicio – ANS que soportan los contratos de gestión de tecnología en las entidades bancarias colombianas
(Universidad Antonio Nariño) Ríos Verdugo, Elisa Fernanda; Oviedo Rodríguez, Cristian Eduardo
The purpose of this article is to learn about the ANS agreed between technological service providers and entities belonging to the banking sector in Colombia, in order to define and establish the risks associated with the management of services and technologies contracted with third parties. Process that will form the main basis for the design of a model for monitoring and controlling compliance with the contracts established between the various Colombian banking entities and their suppliers.

Browse

Recent Submissions