IT Audit

IT Auditing

At EGRA, we can perform any type of IT Audit engagement, as part of a statutory audit, or as a separate engagement, as agreed with the client.

An IT Audit can be defined as an examination of the management controls within an Information technology (IT) infrastructure, which includes the automated information processing systems, related non-automated processes, and the interfaces among them. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives.

ISACA references three types of IT Audit engagements, all of which we offer, as follows:

A review is designed to provide limited assurance about an assertion. This may include a review about IT security, but it is not explicitly stated. This is therefore not a traditional audit in the sense that it is not an attestation of a formal audit, and does not contain an audit opinion. If the assertion being reviewed is about IT Security, the review will obviously focus on IT Security.

An examination is normally part of a traditional audit. ISACA defines it as “…a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an entity or event, processes, operations or internal controls, for the purpose of forming an opinion and providing a report on the degree to which the assertions conform to an identified set of standards.” This then can be seen as the normal IT Audit, in layman’s terms. Included in most of the standards and procedures as subscribed by IT Audit norms is a section on IT Audit.

An Agreed upon Procedures Engagement is a process whereby the client and the auditor agree on the specific procedures the auditor will perform to obtain the evidence required by the client. This type of procedure may require more or less audit evidence than an examination, depending on the agreement by the two parties.

ISACA also differentiate between the following categories, each of which can be performed through a review, examination or agreed upon procedures engagement:

  • General control examination or facility audit
  • Application audit
  • System development audit, or
  • Technical or special topic audit.

Contact Us


082 887 1770