Wednesday, 6 June 2012

Information System Audit

Information System Audit is series of tests that is conducted periodically or for special purpose to ensure that adequate controls are in place over the Information System.  It is not like a Financial Statement Audit which tests the financial statement data for determining Existence, Completeness, Rights & Obligations, Valuation or Allocation, and Presentation and Disclosure.  Information system audit is the audit of internal control system.

Source: Cranium IT
It is often described as the process of collecting and evaluating evidence to determine whether an information system safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.  The audit process is a planned process which is carried out on test-basis.

The purpose of IS audit is to review and provide feedback, assurances and suggestions. This includes the physical and environmental review, application software review, network security review, business continuity review and data integrity review. 

Among others, types of IS Audit includes: 

 System Audits

A system audit is an audit of the controls designed and implemented into the system to ensure the integrity of the data processed by the system and maintain the proper functionality of system processes.

Application Audits

This is an audit of the controls placed over an enterprise information system which are usually designed to ensure the Effectiveness, Efficiency, Confidentiality, Availability, Reliability, and Compliance of information and processing in an enterprise IT environment.

Compliance Audits

Compliance audits provide management with tool for the internal review of compliance in their operating units. Each area may be applicable to a particular operating unit, depending on its activities, funding, regulatory administrative rules, or any other pre-defined criterion.

Security Audits

Security audits are aimed to provide comprehensive and cost-effective network vulnerability assessments by disclosing number of vulnerability tests, provide detailed and comprehensive report on weaknesses found, suggest remedies, solutions, and preventive measures to reduce or eliminate vulnerabilities.

Performance Audits

Performance audits provide an independent assessment of the performance and management of a program against objective criteria. 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)