An information technology audit evaluates the management controls within the Information Technology (IT) environment. The results of the audit determine if the applications, systems, and technologies are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives. The primary functions of an IT audit are to evaluate existing applications, systems, and technologies to guard an organization’s data and information assets. Thus, information technology audits describe the organization’s ability to protect its data and information assets, and to distribute information to authorized users. The IT audit three prime focus areas: 1) Availability – determine if key applications and systems will be available to the business during periods of disruption, 2) Security & Confidentiality – what data is accessible by authorized users, and what data is required by others, 3) Integrity – the accuracy, reliability, and timeliness of data made available to users. The intent of the audit is to identify the risk to the company’s data and information assets, and risk mitigation plan to protect these assets. The information Technology Audit covers five areas of information technology categories:
• Applications and Systems: An audit to verify that applications and systems are appropriate, efficient, and adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system activity. Such audits focus on process-centric business applications and systems, and have the objective to assist financial auditors.
• Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
• Systems Development: An audit to verify that the applications and systems under development meet the objectives of the organization, and to ensure that they are developed in accordance with generally accepted standards for systems development.
• Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
• Technology (including Clients, Servers, Databases, Networks, Telecommunications, Mobility, Workflow, Intranets, Extranets, Cloud, SaaS Products, etc): An audit to verify that technical access controls are in place on the clients, servers, networks, databases, applications/systems, and other technologies and COTS solutions residing on-premise.
IT Architects provides a service to conduct different types of audits based on programs/projects, current operations, and technology innovations.
