IT Investment Audit
This is an evaluation of an enterprise's investment in IT infrastructure in order to determine
returns from the use of the IT systems. Returns can be determined by savings resulting from
automation of business processes or the use of new or more efficient and effective IT systems.
Savings can also be determined from the use of fewer employees because most processes
are now being performed by computers. Returns can also be determined from the use of less
paper in the office. Instead of sending paper invoices, the new system can make use of
email to send invoices electronically, or copies of invoices can be accessed on the company
web portal.
There are a number of other factors that can be used to determine returns on IT investments.
Returns are sometimes difficult to determine and not so obvious, because automation might
increase operating costs, such as the requirement of highly skilled employees who might
command a higher salary. One might also think of increased network connection fees to link
the head office, branch offices, and business partners.
IT Risk Audit
IT risk audit involves an evaluation of how IT risk has been implemented and is managed
in the enterprise. Effective management of IT risk is a key requirement in any IT environment.
An IS auditor would review an IT risk profile of an enterprise by looking at IT
risk policies, procedures, and the IT risk register. The IS auditor would be looking for evidence
that risks have been properly identified and mitigated. The IS auditor would also be
looking for evidence of risk awareness across all levels in the enterprise. This topic will be
reviewed in more detail in chapter 6.
Information Security Audit
In our interconnected world, security risks are ever increasing, and enterprises are vulnerable
to various threats, especially those hosting sensitive client data. Enterprises are required
to put in place effective security measures which will ensure that the IT infrastructure
is properly secured.
Information security auditing involves reviewing areas such as network security, database
and application security, protection from viruses, website security, and intrusion detection.
The IS auditor will also be looking at how secure the IT systems are from both internal
and external threats. An information security audit also covers protection of a number of
information types, such as information in soft copy, hard copy, voice, and video.
Information security is an important aspect of the enterprise, and management normally
calls for security audits to be held more frequently than other audits. In some enterprises,