 |
 |
Home |
 |
 |
 |
 |
Control Environment: Organization structure Control framework Organization policies and procedures External influences Manual and automated systems: Systems software Application systems End-user and departmental systems
Classification of controls Preventive, detective, and corrective controls Discretionary and non-discretionary controls Voluntary and mandated controls Manual and automated controls Application and general IS controls
|
 |
 |
||
 |
About Information System Audit |
What is Information System Audit?
Information System Audit is series of tests that must me conducted periodically or for special purpose to insure that adequate controls are in place over the Information System. Information System Audit is not a Financial Statement Audit and it does not test financial statement data for determining Existence, Completeness, Rights & Obligations, Valuation or Allocation, and Presentation and Disclosure.
Information systems audit is the audit of "controls" placed over the system in what is known as the "system of internal controls".
Internal Control System:
System of internal controls is a set of processes, functions, activities, subsystems, and people grouped together or consciously segregated to ensure the effective achievement of objectives and goals. The internal controls system is designed to provide reasonable assurance related to the validity, correctness, and completeness of the system output. The system of internal controls consists of unspecified number of unique and redundant controls which can be generally classified into two major groups related to:
-
Control environment, and
-
Manual and automated systems
Purpose of Information System Audit:
Information system audit is often described as "the process of collecting and evaluating evidence to determine whether an information system safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently." The audit process is a planned process which is carried out on test-basis.
The purpose of IS audit is to review and provide feedback, assurances and suggestions. These concerns can be grouped under three areas which are related to the system’s:
Availability:
Will the information systems on which the business is heavily dependent be available for the business at all times when required? Are the systems well protected against all types of losses and disasters?
Confidentiality:
Will the information in the systems be disclosed only to those who have a need to see and use it and not to anyone else?
Integrity:
Will the information provided by the system always be accurate, reliable, and timely? What measures are available to ensure that no unauthorized modification can be made to the data or the software in the system?
Elements of IS Audit
The major elements of IS audit can be broadly classified into the following elements:
 |
Physical and environmental review |
|
System administration review |
|
Application software review |
|
Network security review |
|
Business continuity review |
|
Data integrity review |