The role of Information Technology (IT) control and audit has become a critical mechanism for ensuring the integrity of information system (IS) and the reporting of organization finances to avoid and hopefully prevent future financial.
Direction to IT Audit function :
- Auditors realized that computers had impacted their ability to perform the attestation function.
- Corporate and information processing management recognized that computers were key resource for competing in the business environment and similar to other valuable business resource within the organization, and therefore, the need for control and auditability is critical.
- Professional associations and organizations, and government entities recognized the need for IT control and auditability.
The breadth and depth of knowledge required to audit IT systems are extensive. For example, IT auditing involves the
- Application of risk-oriented audit approaches
- Use of computer-assisted audit tools and techniques
- Application of standards (national or international) such as ISO 9000/3 and ISO 17799 to improve and implement quality systems in software development and meet security standards
- Understanding of business roles and expectations in the auditing of systems under development as well as the purchase of software packaging and project management
- Assesment of information security and privacy issues which can put the organization at risk
- Examination and verification of the organization’s compliance with any IT-related legal issues that may place the organization at risk
- Evaluation of complex systems development life cycles (SDLC) or new development technique
- Reporting to management and performing a follow-up review to ensure actions taken at work
Source : IT Control and Audit Third Edition (Sandra Senft, Frederick Gallegos)
Be a ... 