Welcome to your ultimate accounting resource


IT Audit Explained

A resource about IT audit, its guidelines andbusiness when it is required. The
applications in an organization. Includes aconfidentiality can be checked by seeing if
review of information technology's bestthe information in the system can be accessed
practices  and  operations.by unauthorized users. The auditor can
satisfy himself regarding the integrity by
An IT audit or information technology auditchecking if the information provided by the
is an examination of the working of thesystem is accurate, timely and reliable. An
information technology infrastructure. ThisIT audit can take two forms it can be either
seeks to find out if there is proper workingof the form of a "general control review" or
in the IT sector and if proper control isan  "application  control  review".
being maintained. These audits can be
undertaken independently or in associationThere are three broad approaches to carry out
with other forms of company audit such asan audit. They are technological innovation
financial audit, inventory audit etc. ITprocess audit, innovative comparison audit
audit was formerly called EDP or Electronicand  technological  position  audit.
Data Processing audit. The main purpose of an
IT audit is to find out if the informationIn the case of innovation process audit, the
system is working efficiently. It tries toauditor tries to find out the risk profile of
find out if the information system isits new and existing projects by assessing
safeguarding assets, and working towards thethe experience of the company in its chosen
overall  development  of  the  organization.field,  the  industry  and  the  market.
Although both IT audit and financial audit isComparison audit deals with analysis of the
directed towards the analysis of the workingcompanies innovative abilities as compared to
of the organization, there are variousits  competitors.
prominent ways in which these two differ. In
case of financial audit, the auditor lays aTechnological position audit deals with
lot of importance on internal control. It isreviewing the technologies needed by the
primarily of importance because the auditorbusiness. It also classifies them in to one
has to later extensively place reliance onof the four categories of base, key, pacing
internal control. As a result of this, theand  emerging.
work of the auditor gets substantially
reduced he does not have to make a detailedThe auditors who perform IT audit hold a very
study of all the financial books whileimportant responsibility and hence it is
conducting the financial audit. On the otherrecommended that only people with the
hand, the focus of IT audit is to find outrequired skill should be appointed as the
the risks associated with the informationauditor. The person to be given the post of
assets and checking if there are adequatean auditor should have an adequate knowledge
measures in force to eliminate or reduceof information system along with this; he
these risks. An auditor tries to evaluate theshould also have a general understanding of
information systems availability, itsthe accounting principles. Apart from this it
confidentiality and its integrity byis always beneficial to appoint an auditor
answering certain questions. For example towho has received the CISA (Certified
check the availability, the auditor asks ifInformation Systems Auditor) credentials.
computer systems would be available for



1 A B C D E 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 130 131 132 133