IT audit is the formal verification and validation of the quality and effectiveness of IT controls to support the overall business control objectives.
The use and deployment of information technology is a critical success factor for most organizations. Designing, implementing, operating and maintaining an efficient and effective IT solution is a difficult task. The speed of change and the complexity of the technology arena increase the risk of lower customer satisfaction, higher costs, security or privacy breaches and regulatory non-compliance.
Audits are a critical component of the regulatory compliance process. Auditors can provide assurance to management and shareholders of compliance with regulatory norms.
The primary objective of the IT audit is to ensure that:
1. The organization has designed effective controls to address its compliance requirements and there are no design deficiencies, and
2. The organization consistently applies the controls it has designed and there are no operational deficiencies.
1. Information Gathering – Compile critical information about the business, culture, IT organization, etc.
2. Review Prior Audit Issues – Follow up on the status of prior audit issues based on the committed completion dates
3. Risk Assessment – Identify and assess high risk areas. Validate and prioritize risk areas
4. Develop IT Audit Plan – Develop proposed IT Audit Plan which is finalized with the client management team
5. Execute IT Audit Plan – Coordinate and execute the approved audit projects, report findings and suggested actions
6. Customer Satisfaction Evaluation – Customer’s feedback on the audit conducted
Resources: visit isaca.org for information on IS/IT Audits