Information Technology Audit


Introduction

An information technology audit, or information systems audit, is an examination of the controls within an information technology (IT) infrastructure. IT auditing is a branch of general auditing concerned with governance (control) of information and communications technologies (computers). IT auditors primarily study computer systems and networks from the point of view of examining the effectiveness of their technical and procedural controls to minimise risks. IT audits are also known as automated data processing (ADP) audits and computer audits or IS, IT or ICT auditing and systems auditing. They were formerly called electronic data processing (EDP) audits.

History of IS Audit

The concept of IT

…

Some industry bodies define their own generic information-security-related standards too, e.g. SAS 70 and PCI DSS for financial services.

Compiled by: Mr. Avadh Yadav, Bos, Noida


Governments and legislatures define standards in the form of laws and regulations, e.g. for electronic signatures, copyright, privacy and governance.

Steps in Information Technology Audit

Different audit organizations go about IT auditing in different ways, and individual auditors have their own favourite ways of working. The process can be categorized into six stages:




1. Scoping and pre-audit survey - the auditors determine the main area/s of focus and any areas that are explicitly out-of-scope, based normally on some form of risk-based assessment. Information sources at this stage include background reading and web browsing, previous audit reports, pre-audit interview, observations and, sometimes, subjective impressions that simply deserve further investigation.

2. Planning and preparation - during which the scope is broken down into greater levels of detail, usually involving the generation of an audit work plan or risk-control-matrix.

3. Fieldwork - gathering evidence by interviewing staff and