Defining IT Audit
The audit approach to the IT (information technology) environment has evolved through different phases since the 1960s, namely “audit around computers”, “audit with computers” and “audit through computers”, as the audit universe changed in parallel with progress in IT.
A series of hot topics such as IT governance, international information infrastructure, e-commerce, security, and privacy and control of public and enterprise information have initiated the need for assurance. Hence, it can be stated that the very limited scope of IT audit in the 1960s has broadened in step with the advances of the IT revolution, to the point that IT audit is now interested in every facet of today’s business environment.
IT audit (Information Technology Audit) or IS audit (Information System Audit) was formerly known as electronic data processing audit (EDP Audit) and is sometimes referred to as computer audit. A common definition of IT audit could be formulated as the process of collecting and analysing evidence in an IT environment in order to reach an audit opinion and findings in line with the audit objectives set at the beginning of the audit work. The objective of an IT audit is to review the ITC (information technology and communication) systems of an organisation in order to assess the timeliness, accuracy, completeness, and reliability of the information produced in that IT environment. Nonetheless, IT audit objectives may differ from one audit to another depending on the audit subject, such as IT governance, system development, information security, IT project management, IT performance management or management of financial information systems.
Overall, IT auditors are expected to give reasonable assurance to senior management on the design and implementation of the relevant controls on information systems. Therefore, it is critical to define the audit objectives clearly so that they can be appropriately translated into general controls and application controls.
- Asian Organisation of Supreme Audit Institutions
- Gallegos, F., Senft, S., Manson, D. P. and Gonzales, C. (2004), “Information Technology Control and Audit”, CRC Press LLC, Florida.