Chapter 1
Introduction to Auditing Information Systems
Overview
Information system auditing, or information technology auditing, is the activity of examining
or evaluating information technology systems. IS auditing also involves assessment of
compliance with established policies, procedures, standards, controls, regulations, and
legislation. The list of what an IS audit covers is long, especially with the ever-growing
use of IT in enterprises. We will take a close look at the various applications of IS audit later
in the chapter.
An IS audit can also be considered as a process of gathering and examining evidence of
an organization's information systems practices and operations. The evidence obtained from
such a review helps determine whether the IT systems are secure and compliant, protect
data, and ensure effective and efficient IT service delivery.
It is important to realise that information systems are the lifeline of enterprises that are
highly dependent on IT systems. Typical examples are banks, stock exchanges, or airlines.
These enterprises operate real-time systems and cannot do without the use of IT systems for
more than a few seconds; a longer outage would entail worldwide disruption of services. The
level of automation in such enterprises is usually end to end, meaning that most of their
business processes are automated.
Because of huge investments in and dependence on IT systems, it is important that
management keeps an eye on how IT systems are used and operated. This calls for a systematic way
of ensuring that IT policies and procedures are implemented and monitored. Senior
management requires assurance from time to time that IT systems are being used efficiently and are
adding value to the enterprise. This assurance can be provided by information
system auditors, who are called on to regularly examine information systems and associated
policies, procedures, and practices, and to advise management on the status of the systems. IS
auditors are not only invited to examine information systems but can also be used to conduct various
other types of advisory services, which we will review later in the chapter.
Enterprises often implement IS auditing either by setting up an internal IS audit function or
by using an external IS audit firm. Later in the topic, we will assess the benefits and
disadvantages of using either audit organisation.
IT risk is a key requirement when an enterprise is implementing an IS audit framework.
Before an IS audit framework is implemented, it is important that an IT risk policy is in place.