IS audit is the process of collecting and examining evidence about the management of controls over an organization’s information systems, practices and operations. The analysis of evidence obtained through the IS audit process determines whether the components of the information systems that safeguard assets and maintain data integrity are operating effectively to achieve the organization’s overall goals and objectives. The audit reviews can be performed in conjunction with a financial statement audit or other forms of attestation engagement.
The IS Audit covers the following major categories:
- Systems & Applications: Focusing on the systems and applications within an organization.
- Information Processing Facilities: Focusing on whether IT processes work correctly, in a timely manner and accurately, under both normal and disruptive conditions.
- Systems Development: Evaluating whether systems under development comply with the organization’s standards.
- Management of IT and Enterprise Architecture: Assuring that IT management is structured and that processes run in a controlled and efficient manner.
IS Audit involves auditing the following:
- Management Controls
- Operational Controls
- Technical Controls
The audit process is completed as per the following phases:
- Audit Planning
In this initial phase, we plan the objectives specified by the client and ensure compliance with all laws and professional standards. The first step is to obtain an Audit Charter from the client detailing the purpose of the audit and the management responsibility, authority and accountability of the Information Systems Audit function.
- Audit Checklist Preparation
We create an information base for future audits and record data for future references, ensuring that the audit is conducted in a systematic and comprehensive manner.
- Audit Execution
Starting from an understanding of the business process requirements, we review all the essential documents within scope and interview the auditees. A set of questionnaires is sent to the auditees, and we test the controls to identify inadequacies. We collect evidence of control implementation and testing.
- Audit Reporting
Upon execution of the audit, we produce a concise report of our findings that describes our observations, risks and recommendations in detail. The report and the findings are then communicated to the stakeholders, and the findings are presented to management via an executive summary.
Conducting an IS Audit has the benefit of educating the business community on how their work adds value to an organization. It covers a wide range of IT processing and communication infrastructure and provides a clear perspective on their role in an organization.
The following are the key benefits of conducting an IS audit of a business:
- Reduction of IT risk, as risks are assessed through the entire cycle and best practices are suggested as per the ISACA COBIT and Risk IT frameworks and the ISO/IEC 27002 framework.
- Improving IT governance by reducing risks, improving security, complying with regulations and facilitating communication between technology and business management.
- Standardizing the information systems of the business.
- Strengthening business efficiency and system and process controls.
- Planning for contingencies and disaster recovery.
- Improving management of the information and developing systems of the business.