What is IT Audit and why is it important?
Information Technology (IT) audit is an audit of an organisation’s IT systems, management, operations and related processes.
The objectives of an IT audit is to provide an assessment of the core IT infrastructure, highlighting issues and providing recommendations as appropriate.
• Evaluating the reliability of data from IT systems which have an impact on the financial statements of the organisations.
• Ascertaining the level of compliance with the applicable laws, policies and standards in relation to IT.
• Checking if there are instances of excess, extravagance, gross inefficiency tantamount to waste in the use and management of IT systems.
Each area has an accompanying status icon which highlights whether everything is working well (Healthy), whether there is a point of interest or something you should be (Aware) of or if there is something which we consider should be addressed as a matter of priority or urgency (Critical). This provides a Threat List which can be investigated and addressed.
Many organisations are spending large amounts of money on IT because they recognise the tremendous benefits that IT can bring to their operations and services. However, they need to ensure that their IT systems are reliable, secure and not vulnerable to computer attacks.
IT audit is important because it gives assurance that the IT systems are adequately protected, provide reliable information to users and properly managed to achieve their intended benefits.
Many users rely on IT without knowing how the computers work. A computer error could be repeated indefinitely, causing more extensive damage than a human mistake.
IT audit could also help to reduce risks of data tampering, data loss or leakage, service disruption, and poor management of IT systems.
How is IT Audit carried out?
Generally, IT audit is carried out as follows:
1. Establish the IT audit objectives and scope linking these to the business operational requirements.
2. Develop an audit plan to achieve the IT audit objectives.
3. Gather information on the relevant IT controls and evaluate them.
4. Perform audit tests, using Computer-Assisted Audit Techniques (CAATs) such as data extraction and analysis software or test data, where appropriate.
5. Report on the IT audit findings.
To find out more and to book an IT Audit contact Maria West on 01268 494101 or email firstname.lastname@example.org