
What is IT Audit?

In general, auditing is defined as an independent examination of the internal controls, records and
related information generated from the system in order to form an opinion on the integrity of the
system of controls and on compliance with policies and procedures, and to recommend control
improvements that minimize or limit risks.

Computer, information technology (IT) or information systems (IS) auditing is a branch of general
auditing concerned with the governance of information and communication technologies. The computer
systems and networks are studied in order to ensure the effectiveness of their technical and
procedural controls so as to minimize risks, and also to ensure compliance with policies, standards,
procedures, and laws and regulations.

Objectives of IT audit:
1. To provide assurance to management that the integrity of information input, processed, and
output by the computer system is preserved;
2. The confidentiality of information stored and distributed is protected;
3. The computer system is available to support continuity in business activities.

Defining IT-related Risks

A different set of risks is present in each case, because every IT environment is unique, depending
on the nature of the business and the IT infrastructure. Once the auditor has obtained a clear
picture of the organization's IT environment, a risk assessment should be performed. The auditor should:
1. Develop processes to identify risks, assess risk, and rank audit subjects using IT risk factors
and business risk factors;
2. Identify and quantify IT-related risks, including variables (degree of system centralization,
number of servers, degree of customization, etc.);
3. Determine suitable risk responses, which may range from just accepting the risk and not
taking any action, to applying a wide range of specific controls that must be suitable to the
level of risk faced by the organization.

Defining the IT Audit Universe

The IT universe is a finite and all-encompassing collection of audit areas, organizational entities, and
locations identifying business functions that could be audited to provide adequate assurance on the
organization's risk management level.

The auditor could define the audit universe and determine realistic audit subjects by using a
top-down approach that identifies:
- Key business objectives and processes by dissecting the business fundamentals.
- Significant applications that support the business processes/operations.
- The critical infrastructure needed for significant business applications.
- The service support model for IT and the role of common supporting technologies such as
network and mobile devices.
- The major projects and initiatives.
