IT AUDIT

An Information Technology audit is the examination and evaluation of an organization's

information technology infrastructure, applications, data use and management, policies,
procedures and operational processes against recognized standards or established policies.
Audits evaluate if the controls to protect information technology assets ensure integrity and
are aligned with organizational goals and objectives.
Purpose of IT audit-An IT audit is different from a financial statement audit. While a financial
audit's purpose is to evaluate whether the financial statements present fairly, in all material
respects, an entity's financial position, results of operations, and cash flows in conformity
to standard accounting practices, the purposes of an IT audit is to evaluate the system's
internal control design and effectiveness. This includes, but is not limited to, efficiency and
security protocols, development processes, and IT governance or oversight. Installing
controls are necessary but not sufficient to provide adequate security. People responsible
for security must consider if the controls are installed as intended, if they are effective, or if
any breach in security has occurred and if so, what actions can be done to prevent future
breaches. These inquiries must be answered by independent and unbiased observers. These
observers are performing the task of information systems auditing. In an Information
systems environment, an audit is an examination of information systems, their inputs,
outputs, and processing.
TYPES OF IT AUDIT

 General Controls Audit: Your work may be to review the generally accepted

controls across all information systems implementation. This might involve
systems development, systems operation, maintenance of systems and
application security. It might also include a general control review of
operating systems, data center security review and policies and procedures
compliance.
 Application Controls Audit: This type of IS audit is focused on a particular
application. Your work will revolve around evaluating the input, processing
and output controls of that particular application or software. The ancillary
issues related to the application for example communication, change control
and issues related to integrity and quality of data will also be considered
during this type of Applications Control audit.
 Systems Development Audit: This type of IS audit focuses on software or
systems development. You will be auditing all the processes of system
development ranging from requirement gathering to the final product in
production systems. Of particular interest is the change management and
super users review in such a situation.
 Integrated Audit: This type of audit involves working with other auditors or
teams like financial auditors or performance auditors.
 Forensic Audit: You may also be asked to perform an audit of a particular
system after unusual and suspicious activity is observed and reported.