Overview of an Information Technology Audit
An information systems audit, or information technology (IT) audit, is the evaluation of management controls within the IT infrastructure. The evidence obtained from the evaluation determines whether the information systems are safeguarding company assets, maintaining data integrity and operating effectively to achieve the goals and objectives of the organisation. These audits are performed in conjunction with internal audits, financial audits and other forms of attestation. IT audits are also known as computer audits or automated data processing audits. In the past, they were known as electronic data processing audits.
The Purpose Of An Information Technology Audit
The purpose of an IT audit is to evaluate the effectiveness of the system and the design of its internal controls. It also evaluates efficiency and security protocols, development processes, and IT governance or oversight. Having controls in place is necessary but may not be enough to provide proper security. The people responsible for security should carefully consider whether the controls are installed as intended, whether they are effective, and whether any breach of security has happened and, if so, what actions can be taken to prevent future breaches. Unbiased and independent observers should answer these questions. These observers perform the information systems audit, which is an examination of information systems including their inputs, outputs and processing.
An IT audit’s primary function is to evaluate the systems in place to guard the organisation’s information. An information technology audit should evaluate the organisation’s ability to protect its information assets and to properly dispense information to authorised individuals or parties.
An information technology audit aims to evaluate whether:
- The computer systems will be available for business at all times when required.
- The information or data in the system will be disclosed or revealed only to authorised or approved users.
- The information provided by the system is always reliable, accurate and timely.
An information technology audit aims to assess the risks to the company’s valuable assets and to create methods that minimise these risks.
Types Of Information Technology Audit
Goodman & Lawless identify three systematic approaches to carrying out IT audits.
- Process Audit of Technological Innovation. This audit creates a risk profile for new and existing projects. The audit assesses the length and depth of the company’s experience with its chosen technologies and its presence in relevant markets. It also assesses the organisation of each project and the structure of the industry that deals with the project or product.
- Audit on Innovative Comparison. This type of audit analyses the innovative abilities of the company being audited in comparison to its competitors. It requires the evaluation and examination of the company’s research and development facilities and its track record in producing new products.
- Audit on Technological Position. This audit evaluates and reviews the technologies that a company or business has and its need to add more. Technologies are considered either key, base, emerging or pacing.
Below is a spectrum of IT audits in five categories.
- Applications and Systems. This type of audit verifies that the systems and applications are appropriate, efficient and adequately controlled to provide reliable, valid, timely and secure input, processing and output. Process assurance and system audits form a subtype that focuses on business-process-centred IT systems. The objective of these audits is to assist financial auditors.
- Facilities for Information Processing. These audits verify that the processing facility is controlled to ensure accurate, timely and efficient processing of applications under normal or potentially disruptive conditions.
- Systems Development. These audits verify that the systems being developed meet the objectives of the organisation. They also verify that the systems are developed in accordance with generally accepted standards for systems development.
- IT and Enterprise Architecture Management. This is an audit that verifies that IT management has developed procedures and organisational structures that ensure a controlled and efficient environment for processing information.
- Extranets, Intranets, Client/Server and Telecommunications. These audits verify that the telecommunication controls are properly in place on the client’s server and on the network that connects the clients and servers.
Information technology audit professionals consider three fundamental types of controls, regardless of the type of audit being performed. They break controls into different disciplines and term them “access controls”, “security controls” and “IA controls” to define the controls involved. At a fundamental level, these controls are Protective or Preventive Controls, Reactive or Corrective Controls, and Detective Controls.