Introduction

An information technology audit, or information systems audit, is an examination of the controls within an information technology (IT) infrastructure. IT auditing is a branch of general auditing concerned with governance (control) of information and communications technologies (computers). IT auditors primarily study computer systems and networks, examining the effectiveness of their technical and procedural controls to minimise risks. IT audits are also known as automated data processing (ADP) audits and computer audits, or as IS, IT or ICT auditing and systems auditing. They were formerly called electronic data processing (EDP) audits.

History of IS Audit

The concept of IT auditing was formed in the mid-1960s. Since that time, IT auditing has gone through numerous changes, largely due to advances in technology and the incorporation of technology into business.

Functions of IS/IT Auditor

The IT auditor is often the translator of business risk, as it relates to the use of IT, to management: someone who can check the technicalities well enough to understand the risk (not necessarily manage the technology), make a sound assessment and present risk-oriented advice to management. IT auditors review risks relating to IT systems and processes. Some of them are:

1. Inadequate information security (e.g. missing or out-of-date antivirus controls, open computer ports, open systems without passwords or with weak passwords, etc.)
2. Inefficient use of corporate resources, or poor governance (e.g. huge spending on unnecessary IT projects like printing resources, storage devices, high-power servers and workstations, etc.)
3. Ineffective IT strategies, policies and practices (including a lack of policies for use of Information and Communication Technology (ICT) resources, Internet usage policies, security practices, etc.)
4. IT-related frauds (including phishing, hacking, etc.)
Compiled by: Mr. Avadh Yadav, Bos, Noida