Defining IT Audit

The audit approach towards IT (information technology) environment has evolved through different phases since 1960s; i.e. “audit around computers”, “audit with computers” and “audit through computers” due to the changes in audit universe in parallel with progresses in IT.

A series of hot topics such as IT governance, international information infrastructure, e-commerce, security, and privacy and control of public and enterprise information have initiated the need for assurance. Hence, it can be stated that a very limited scope of IT audit of 1960s has broadened in harmony with the enhancements of the IT revolution in such a way that IT audit is interested in every facets of today’s business environment.

IT audit (Information Technology Audit) or IS audit (Information System Audit), formerly is formerly known as electronic data processing  audit (EDP Audit) or is sometimes referred as computer audit. A common definition for IT audit could be formulated as the process of collecting and analysing evidence in an IT environment in order to reach an audit opinion and findings in harmony with audit objectives set at the beginning of audit work. The objectives of an IT audit  is to review ITC (information technology and communication) systems of an organisation in order to assess timeliness, accuracy, completeness, and reliability of information produced in that IT environment.Nonetheless, IT audit objectives may differ from one audit to another depending on the audit subjects such as IT governance, system development, information security, IT project management, IT performance management or management of financial information systems.

Overall, IT auditors are expected to give reasonable assurance to senior managements on the design and implementation of the relevant controls on information systems. Therefore, it is very critical to clearly define the audit objectives so as to appropriately translate them into general controls and application controls.

Resources:

  1. Asian Organisation of Supreme Audit Institutions
  2. Gallegos, F., Senft, S.,  Manson, D. P. And Gonzales, C. (2004), “Information Technology Control and Audit”, CRC Press LLC, Florida.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s