A resource about IT audit, its guidelines and applications in an organization. Includes a review of information technology's best practices and operations.

An IT audit, or information technology audit, is an examination of the working of the information technology infrastructure. It seeks to find out whether the IT function is working properly and whether proper control is being maintained. These audits can be undertaken independently or in association with other forms of company audit, such as a financial audit or an inventory audit. IT audit was formerly called EDP (Electronic Data Processing) audit.

The main purpose of an IT audit is to find out whether the information system is working efficiently. It tries to find out whether the information system is safeguarding assets and working towards the overall development of the organization.

Although both IT audit and financial audit are directed towards analysing the working of the organization, there are several prominent ways in which the two differ. In a financial audit, the auditor places a lot of importance on internal control, primarily because the auditor later has to rely on it extensively. As a result, the auditor's work is substantially reduced: he does not have to make a detailed study of all the financial books while conducting the financial audit. The focus of an IT audit, on the other hand, is to find out the risks associated with the information assets and to check whether adequate measures are in force to eliminate or reduce these risks.

An auditor tries to evaluate the information system's availability, confidentiality and integrity by answering certain questions. For example, to check availability, the auditor asks whether computer systems would be available for business when required. Confidentiality can be checked by seeing whether the information in the system can be accessed by unauthorized users. The auditor can satisfy himself regarding integrity by checking whether the information provided by the system is accurate, timely and reliable.

An IT audit can take two forms: it can be either a "general control review" or an "application control review".

There are three broad approaches to carrying out an audit: the technological innovation process audit, the innovative comparison audit and the technological position audit.

In an innovation process audit, the auditor tries to find out the risk profile of the company's new and existing projects by assessing the experience of the company in its chosen field, the industry and the market.

A comparison audit deals with analysing the company's innovative abilities as compared to its competitors.

A technological position audit deals with reviewing the technologies needed by the business. It also classifies them into one of four categories: base, key, pacing and emerging.

The auditors who perform an IT audit hold a very important responsibility, and hence it is recommended that only people with the required skill be appointed as auditor. The person given the post of auditor should have adequate knowledge of information systems; along with this, he should also have a general understanding of accounting principles. Apart from this, it is always beneficial to appoint an auditor who has received the CISA (Certified Information Systems Auditor) credential.