An IT audit is a review of the controls within an entity's technology infrastructure. These reviews are typically performed in conjunction with a financial statement audit, internal audit review, or other form of attestation engagement. The IT audit is the process of collecting and evaluating evidence of an organization's information system, practices, and operations. Evaluation of the evidence ensures that the organization's information system safeguards assets, maintains data integrity, and is operating effectively and efficiently to achieve the organization's goals.
The purpose of an IT audit is to review and evaluate an organization's information system's availability, confidentiality, and integrity by answering questions such as:
- Will the organization's computer systems be available for the business at all times when required? (Availability)
- Will the information in the systems be disclosed only to authorized users? (Confidentiality)
- Will the information provided by the system always be accurate, reliable, and timely? (Integrity).
There are several elements relevant to controls:
- Security—assuring data is protected
- Physical Access—assuring that hardware is secure
- Back-up and Recovery—assuring there is adequate redundancy
- IT Governance—assuring that IT systems are working with other internal systems
- Change Management--assuring that the "human factor" elements critical to effect change are identified and managed
Our professionals will examine the areas above, and recommend procedural or technology improvements to minimize internal and external risks.
We look for applications of policies through a unique integrated approach of technological knowledge and business acumen. We explore practical methods for automated controls within a corporation's financial infrastructure that not only allows a company to comply with the requirements of Sarbanes-Oxley, but helps to improve overall corporate efficiency.