INFORMATION SYSTEM (IS) AUDIT & RISK MANAGEMENT

Information System Audit

Technology is major source of business growth and advancement as well as business risk. Technology is key factor for growth of every business. But there is always a miscommunication and gap between the business executives and IT professionals because business person cannot understand IT language. and for eliminating these loopholes an effective strategy is required.
Information is undeniably regarded as most valuable asset for an IT company and protecting it from outside and within have become the main issue of consideration for company. Information System Audit covers automated information processing system evaluation, non- automated processes and in between interface.
IT audit also support to reduce risks of data tampering, data loss or leakage, service disruption and poor management of systems.

What Is Information System Audit?

Process of collecting and evaluating evidence to determine whether a (computerized) system:
  1. Safeguards assets
  2. Maintains data integrity
  3. Enables communications & access to information
  4. Achieve operational goals effectively
  5. Consumes resources efficiently

Types Of IT Audits:

Systems and Applications
An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity. System and process assurance audits form a subtype, focusing on business process-centric business IT systems.
Information Processing Facilities
An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Systems Development
An audit to verify that the systems under development meet the objectives of the organization and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
Management of IT and Enterprise Architecture
An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
Client/Server, Telecommunications, Intranets, and Extranets
An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.