Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What is meant by information system audit? How it is conducted?

user-image
Question added by venkaramanujam subramanian , Acccounts Manager , CHRONOLOGY M/s Subramanian Associates Practising Chartered Accountants
Date Posted: 2016/10/26
Medhat Abed El Aall
by Medhat Abed El Aall , Finance Director , ElAJ Medical Services Company

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement auditinternal audit, or other form of attestation engagement.

IT audits are also known as "automated data processing (ADP) audits" and "computer audits". They were formerly called "electronic data processing (EDP) audit

Deleted user
by Deleted user

An information system (IS) audit or information technology(IT) audit is an examination of the controls within an entity's Information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. Obtained evidence evaluation can ensure whether the organization's information systems safeguard assets, maintains data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives.

 

PHASE 1: Audit Planning

In this phase we plan the information system coverage to comply with the audit objectives specified by the Client and ensure compliance to all Laws and Professional Standards.

PHASE 2 – Risk Assessment and Business Process Analysis

Risk is the possibility of an act or event occurring that would have an adverse effect on the organisation and its information systems. Risk can also be the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss of, or damage to, the assets. It is ordinarily measured by a combination of effect and likelihood of occurrence.

 

PHASE 3 – Performance of Audit Work

In the performance of Audit Work the Information Systems Audit Standards require us t o provide supervision, gather audit evidence and document our audit work.

 

PHASE 4: Reporting

Upon the performance of the audit test, the Information Systems Auditor is required to produce and appropriate report communicating the results of the IS Audit. An IS Audit report should:

  1. Identify an organization, intended recipients and any restrictions on circulation
  2. State the scope, objectives, period of coverage, nature, timing and the extend of the audit work
  3. State findings, conclusions, recommendations and any reservations, qualifications and limitations
  4. Provide audit evidence

Farhan Ali
by Farhan Ali , IS Consultant / IT Auditor , National Marine Dredging Co.

Information System Audit / IT Audit is overall examining the IT Infrastructure (Applications, Network, Operating Systems and Databases). IT Audit has broader scope, however it is also carried in parallel to Financial Audit, to very the IT general controls over core business applications. Normally, it comprises of the following areas (not limited to).

1. Access Management

2. Change Management

3. Backup Management

4. Incident and Problem Management

 

I hope this answers your question. For details, please reach me on

 

Regards

 

 

More Questions Like This