IT Auditing

An information system (IS) audit or information technology (IT) audit is an examination of the controls within an entity's information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. Evaluating the obtained evidence can determine whether the organization's information systems safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organization's goals or objectives.

The IT auditing process includes the definition of:

  1. Responsibility: The Audit Charter should define the mission, aims, goals and objectives of the Information System Audit. At this stage we also define the Key Performance Indicators and an Audit Evaluation process;
  2. Authority: The Audit Charter should clearly specify the authority assigned to the Information Systems Auditors in relation to the risk assessment work that will be carried out, the right to access the client’s information, the scope and/or limitations to the scope, the client’s functions to be audited and the auditee expectations; and
  3. Accountability: The Audit Charter should clearly define reporting lines, appraisals, assessment of compliance and agreed actions.

Risk is the possibility of an act or event occurring that would have an adverse effect on the organisation and its information systems. Risk can also be the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss of, or damage to, the assets. It is ordinarily measured by a combination of effect and likelihood of occurrence.

