Saturday, August 28, 2010

What is IT Audit?

An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether an organization is adhering to standard accounting practices, the purpose of an IT audit is to evaluate the design and effectiveness of the system's internal controls. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight. The goal is to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:


Will the organization's computer systems be available for the business at all times when required? (Availability)
Will the information in the systems be disclosed only to authorized users? (Confidentiality)
Will the information provided by the system always be accurate, reliable, and timely? (Integrity)

The IT audit focuses on determining the risks that are relevant to information assets and on assessing the controls meant to reduce or mitigate these risks. Implementing controls can minimize the effect of risks, but it cannot completely eliminate all risks.

