Information technology audit
An information technology audit (or IT audit) is a review of the controls within an entity's technology infrastructure. These reviews are typically performed in conjunction with a financial audit, internal audit review, or other form of attestation engagement. Formerly called an electronic data processing (EDP) audit, an IT audit is the process of collecting and evaluating evidence of an organization's management information systems, practices, and operations. Evaluation of the evidence determines whether the organization's information systems safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organization's goals.
An IT audit is also known as an EDP Audit, an Information Systems Audit, and a computer audit.
=Purpose=
An IT audit is similar to a financial statement audit in that the study and evaluation of the basic elements of internal control are the same. However, the purpose of a financial statement audit is to determine whether an organization's financial statements and financial condition are presented fairly in accordance with generally accepted accounting principles (GAAP). The purpose of an IT audit is to review and evaluate an organization's information system's availability, confidentiality, and integrity by answering questions such as:
= Types of IT Audits =
= IT audit process =
The following are the basic steps in performing the Information Technology Audit Process:
# Planning the audit
# Evaluation of internal controls
# Audit procedures
# Completing the audit
= History of IT auditing =
The concept of IT auditing was formed in the mid-1960s and has gone through numerous changes due to advances in technology and the incorporation of technology into business.
= IT audit topics =
== Regulations and legislation related to IT audits ==
Several information technology audit regulations have been introduced in the past few years. These include the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, and the Health Insurance Portability and Accountability Act (HIPAA).
== Security ==
Auditing information security is a vital part of any IT audit. Within the broad scope of auditing information security we find topics such as auditing data centers, auditing networks, and auditing application security. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods used for auditing these areas. It is important to remember that in this ever-expanding technical realm these things are always changing, and as such IT auditors must continue to expand their knowledge and understanding of systems and the systems environment to help verify and ensure information security.
= Emerging Issues =
Technology changes rapidly, and so do the issues IT auditors must face. From biometric retinal scans to protecting physical security to transmitting data from a cell phone, the range of issues is truly limited only by one's imagination.
=See also=
*IT audit resources
*Famous IT Auditors & Experts
*Information technology audit - operations
== Operations ==
*Backup systems and recovery
*Change management auditing
*Software development life cycle auditing
*Helpdesk and incident reporting auditing
*SAS 70
*Disaster recovery and business continuity auditing
*Evaluating the qualifications of IT personnel for the purposes of an audit
== Auditing systems, applications and networks ==
*Operating system audit
*Mainframe audit
*Database audit
*Enterprise Resource Planning audit
*Systems applications products audit
==Computer Forensics==
*Computer forensics
*Data analysis (information technology)
==Fraud==
*Computer fraud case studies
*SAS 99