| A resource about IT audit, its guidelines and | | | | if computer systems would be available for |
| applications in an organization. Includes a review of | | | | business when it is required. The confidentiality can |
| information technology's best practices and | | | | be checked by seeing if the information in the |
| operations. | | | | system can be accessed by unauthorized users. |
| An IT audit or information technology audit is an | | | | The auditor can satisfy himself regarding the |
| examination of the working of the information | | | | integrity by checking if the information provided |
| technology infrastructure. This seeks to find out if | | | | by the system is accurate, timely and reliable. An |
| there is proper working in the IT sector and if | | | | IT audit can take two forms it can be either of |
| proper control is being maintained. These audits | | | | the form of a "general control review" or an |
| can be undertaken independently or in association | | | | "application control review". |
| with other forms of company audit such as | | | | There are three broad approaches to carry out |
| financial audit, inventory audit etc. IT audit was | | | | an audit. They are technological innovation process |
| formerly called EDP or Electronic Data Processing | | | | audit, innovative comparison audit and |
| audit. The main purpose of an IT audit is to find | | | | technological position audit. |
| out if the information system is working | | | | In the case of innovation process audit, the |
| efficiently. It tries to find out if the information | | | | auditor tries to find out the risk profile of its new |
| system is safeguarding assets, and working | | | | and existing projects by assessing the experience |
| towards the overall development of the | | | | of the company in its chosen field, the industry |
| organization. | | | | and the market. |
| Although both IT audit and financial audit is | | | | Comparison audit deals with analysis of the |
| directed towards the analysis of the working of | | | | companies innovative abilities as compared to its |
| the organization, there are various prominent | | | | competitors. |
| ways in which these two differ. In case of | | | | Technological position audit deals with reviewing |
| financial audit, the auditor lays a lot of importance | | | | the technologies needed by the business. It also |
| on internal control. It is primarily of importance | | | | classifies them in to one of the four categories of |
| because the auditor has to later extensively place | | | | base, key, pacing and emerging. |
| reliance on internal control. As a result of this, the | | | | The auditors who perform IT audit hold a very |
| work of the auditor gets substantially reduced he | | | | important responsibility and hence it is |
| does not have to make a detailed study of all the | | | | recommended that only people with the required |
| financial books while conducting the financial audit. | | | | skill should be appointed as the auditor. The |
| On the other hand, the focus of IT audit is to find | | | | person to be given the post of an auditor should |
| out the risks associated with the information | | | | have an adequate knowledge of information |
| assets and checking if there are adequate | | | | system along with this; he should also have a |
| measures in force to eliminate or reduce these | | | | general understanding of the accounting principles. |
| risks. An auditor tries to evaluate the information | | | | Apart from this it is always beneficial to appoint |
| systems availability, its confidentiality and its | | | | an auditor who has received the CISA (Certified |
| integrity by answering certain questions. For | | | | Information Systems Auditor) credentials. |
| example to check the availability, the auditor asks | | | | |