Audit Information System Audit

1602 Words7 Pages
IT audit is examining and evaluating the organization’s internal information, technology infrastructure, policies, regulations, and operational functions. Thorough examination with the use of IT audit allows assessment of system’s internal controls and provides assurance that statements are error-free and reliable.
Proper use of IT audit help auditors in determining the corporate assets, data to be effectively aligned with the overall terms and goals of the business in terms of CIA (confidentiality, integrity, and availability).
One of the key factors in IT auditing and one that audit management struggles with constantly, is to ensure that adequate IT audit resources are available to perform the IT audits. Unlike financial audits, IT audits
…show more content…
PHASE 1: Audit Planning
In this phase we plan the information system coverage to comply with the audit objectives specified by the Client and ensure compliance to all Laws and Professional Standards. The first thing is to obtain an Audit Charter from the Client detailing the purpose of the audit, the management responsibility, authority and accountability of the Information Systems Audit function as follows:
1. Responsibility: The Audit Charter should define the mission, aims, goals and objectives of the Information System Audit. At this stage we also define the Key Performance Indicators and an Audit Evaluation process;
2. Authority: The Audit Charter should clearly specify the Authority assigned to the Information Systems Auditors with relation to the Risk Assessment work that will be carried out, right to access the Client’s information, the scope and/or limitations to the scope, the Client’s functions to be audited and the auditee expectations; and
3. Accountability: The Audit Charter should clearly define reporting lines, appraisals, assessment of compliance and agreed actions.

PHASE 2 – Risk Assessment and Business Process
…show more content…
Planning the IT audit involves two major steps. The first step is to gather information and do some planning the second step is to gain an understanding of the existing internal control structure. More and more organizations are moving to a risk-based audit approach which is used to assess risk and helps an IT auditor make the decision as to whether to perform compliance testing or substantive testing. In a risk-based approach, IT auditors are relying on internal and operational controls as well as the knowledge of the company or the business. This type of risk assessment decision can help relate the cost-benefit analysis of the control to the known

More about Audit Information System Audit

Open Document