IT Audit Explained

Sep 19, 2007, 07:33

Gavin Sanderson

A resource about IT audit, its guidelines and applications in an organization. Includes a review of information technology’s best practices and operations.

An IT audit, or information technology audit, is an examination of how the information technology infrastructure works. It seeks to find out whether the IT function is working properly and whether proper control is being maintained. These audits can be undertaken independently or in association with other forms of company audit, such as financial audit, inventory audit, etc. IT audit was formerly called EDP (Electronic Data Processing) audit. The main purpose of an IT audit is to find out if the information system is working efficiently. It tries to find out if the information system is safeguarding assets and working towards the overall development of the organization.

Although both IT audit and financial audit are directed towards analysing the working of the organization, the two differ in several prominent ways. In a financial audit, the auditor places a lot of importance on internal control, because he later has to rely on it extensively. As a result, the auditor's work is substantially reduced: he does not have to make a detailed study of all the financial books while conducting the financial audit. The focus of an IT audit, on the other hand, is to find out the risks associated with the information assets and to check whether adequate measures are in force to eliminate or reduce these risks. An auditor tries to evaluate the information system's availability, confidentiality and integrity by answering certain questions. For example, to check availability, the auditor asks if the computer systems would be available for business when required. Confidentiality can be checked by seeing if the information in the system can be accessed by unauthorized users. The auditor can satisfy himself regarding integrity by checking if the information provided by the system is accurate, timely and reliable. An IT audit can take two forms: it can be either a “general control review” or an “application control review”.

There are three broad approaches to carrying out an audit: technological innovation process audit, innovative comparison audit and technological position audit.

In an innovation process audit, the auditor tries to find out the risk profile of the company's new and existing projects by assessing the experience of the company in its chosen field, the industry and the market.

Comparison audit deals with analysis of the company's innovative abilities as compared to those of its competitors.

Technological position audit deals with reviewing the technologies needed by the business. It also classifies them into one of four categories: base, key, pacing and emerging.

The auditors who perform an IT audit hold a very important responsibility, and hence it is recommended that only people with the required skills be appointed as auditors. The person given the post of auditor should have adequate knowledge of information systems; along with this, he should also have a general understanding of accounting principles. Apart from this, it is always beneficial to appoint an auditor who has received the CISA (Certified Information Systems Auditor) credential.