Information Technology Reference
In-Depth Information
use of IS auditing in order to ensure use of effective IT controls in public organisations and
private enterprises enlisted on the stock exchange.
Types of Information Systems Audits
There are various types or reasons for conducting information systems audits as indicated
earlier. In the next two pages, we will review the common types of IS audits (see figure
1.1) which are used in most enterprises. You will discover later that IS audit can be used to
support various types of advisory work.
#
Types of Audits
Category
1
IT General Controls Audit
General
2
Application Controls Audit
Information Systems
3
IT Governance Audit
IT Governance
4
IT Investment Audit
IT Governance
5
IT Risk Audit
IT Risk Management
6
Information Security Audit
Information Security
7
System Development Audit
Information Systems
8
Business Continuity Audit
Information Security
9
IT Performance Audit
IT Governance
10
Compliance Audit
IT Governance
11
Specialised Audits
Information Systems
Figure 1.1 Types of Audits
IT General Controls Audit
This is a general review of global controls in an IT environment. There are a number of
areas which are covered using an IT general controls audit, such as access controls, compli-
ance with internal policies and IT procedures, environmental controls, and disaster recov-
ery. IT general controls audits may be performed to support or in conjunction with financial
statement audits, internal audits, or other forms of attestation.
When an IT general controls audit is used to support financial audits, IS auditors would be
requested to perform an ITGC audit so that they give assurance to financial auditors on the
Search WWH ::
Custom Search