An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether an organization is adhering to standard accounting practices, the purpose of an IT audit is to evaluate the system's internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight. The goal is to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:
Will the organization's computer systems be available for the business at all times when required? (Availability)
Will the information in the systems be disclosed only to authorized users? (Confidentiality)
Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
The IT audit focuses on determining the risks that are relevant to information assets and on assessing the controls that reduce or mitigate these risks. Implementing controls can minimize the effect of risks, but it cannot eliminate all of them.