| A resource about IT audit, its guidelines and | | | | business when it is required. The |
| applications in an organization. Includes a | | | | confidentiality can be checked by seeing if |
| review of information technology's best | | | | the information in the system can be accessed |
| practices and operations. | | | | by unauthorized users. The auditor can |
| | | | satisfy himself regarding the integrity by |
| An IT audit or information technology audit | | | | checking if the information provided by the |
| is an examination of the working of the | | | | system is accurate, timely and reliable. An |
| information technology infrastructure. This | | | | IT audit can take two forms it can be either |
| seeks to find out if there is proper working | | | | of the form of a "general control review" or |
| in the IT sector and if proper control is | | | | an "application control review". |
| being maintained. These audits can be | | | | |
| undertaken independently or in association | | | | There are three broad approaches to carry out |
| with other forms of company audit such as | | | | an audit. They are technological innovation |
| financial audit, inventory audit etc. IT | | | | process audit, innovative comparison audit |
| audit was formerly called EDP or Electronic | | | | and technological position audit. |
| Data Processing audit. The main purpose of an | | | | |
| IT audit is to find out if the information | | | | In the case of innovation process audit, the |
| system is working efficiently. It tries to | | | | auditor tries to find out the risk profile of |
| find out if the information system is | | | | its new and existing projects by assessing |
| safeguarding assets, and working towards the | | | | the experience of the company in its chosen |
| overall development of the organization. | | | | field, the industry and the market. |
| | | | |
| Although both IT audit and financial audit is | | | | Comparison audit deals with analysis of the |
| directed towards the analysis of the working | | | | companies innovative abilities as compared to |
| of the organization, there are various | | | | its competitors. |
| prominent ways in which these two differ. In | | | | |
| case of financial audit, the auditor lays a | | | | Technological position audit deals with |
| lot of importance on internal control. It is | | | | reviewing the technologies needed by the |
| primarily of importance because the auditor | | | | business. It also classifies them in to one |
| has to later extensively place reliance on | | | | of the four categories of base, key, pacing |
| internal control. As a result of this, the | | | | and emerging. |
| work of the auditor gets substantially | | | | |
| reduced he does not have to make a detailed | | | | The auditors who perform IT audit hold a very |
| study of all the financial books while | | | | important responsibility and hence it is |
| conducting the financial audit. On the other | | | | recommended that only people with the |
| hand, the focus of IT audit is to find out | | | | required skill should be appointed as the |
| the risks associated with the information | | | | auditor. The person to be given the post of |
| assets and checking if there are adequate | | | | an auditor should have an adequate knowledge |
| measures in force to eliminate or reduce | | | | of information system along with this; he |
| these risks. An auditor tries to evaluate the | | | | should also have a general understanding of |
| information systems availability, its | | | | the accounting principles. Apart from this it |
| confidentiality and its integrity by | | | | is always beneficial to appoint an auditor |
| answering certain questions. For example to | | | | who has received the CISA (Certified |
| check the availability, the auditor asks if | | | | Information Systems Auditor) credentials. |
| computer systems would be available for | | | | |