An IT Audit can be defined as an examination of the management controls within an information technology (IT) infrastructure, which includes the automated information processing systems, related non-automated processes, and the interfaces among them. The evaluation of the evidence obtained determines whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives.
ISACA references three types of IT Audit engagements, all of which we offer, as follows:
An examination is normally part of a traditional audit. ISACA defines it as “…a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an entity or event, processes, operations or internal controls, for the purpose of forming an opinion and providing a report on the degree to which the assertions conform to an identified set of standards.” In layman’s terms, this can be seen as the normal IT Audit. Most of the standards and procedures subscribed to under IT Audit norms include a section on IT Audit.
An Agreed-upon Procedures Engagement is a process whereby the client and the auditor agree on the specific procedures the auditor will perform to obtain the evidence required by the client. This type of engagement may require more or less audit evidence than an examination, depending on the agreement between the two parties.
ISACA also differentiates between the following categories, each of which can be performed through a review, examination or agreed-upon procedures engagement:
- General control examination or facility audit
- Application audit
- System development audit, or
- Technical or special topic audit.