Information systems audit is important because it gives assurance that the IT systems are adequately protected, provide reliable information to users, and are properly managed to achieve their intended benefits.
- Appreciate the IT environment
- Understand and mitigate IT risks
- Proper resource management
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other forms of attestation engagement.
Type of IT Audits:
- Technological innovation process audit. This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company’s experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization, and industry structure.
- Innovative comparison audit. This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of the company’s research and development facilities, as well as its track record in actually producing new products.
- Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either “base”, “key”, “pacing” or “emerging”.
- Others describe the spectrum of IT audits with five categories of audits:
- Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity. System and process assurance audits form a subtype, focusing on business process-centric business IT systems. Such audits have the objective to assist financial auditors.
- Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
- Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
- Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
- Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.