Why IT Audit?
IT Audits provide assurance that your company is prepared:
- Will the organization's computer systems be available for the business at all times when required? (Availability)
- Will the information in the systems be disclosed only to authorized users? (Confidentiality)
- Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
- Will the systems comply with federal and state laws? (Compliance)
Areas of IT Audit
Systems and Applications:
This is an audit to verify that systems and applications are appropriate to the entity's needs, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
Information Processing Facilities:
This is an audit to verify that the processing facility is controlled from an operational perspective to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Are the controls built into new implementations? This audit verifies that the systems under development meet the objectives of the organization and ensures that the systems are created in accordance with generally accepted standards for systems development and security.
Management of IT and Enterprise Architecture:
This is an audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
Client/Server, Networks, Intranets, and Extranets:
For infrastructure, it may be very important to your risk profile to have an audit verifying that selected best-practice controls are in place and effective on the client (the computer receiving services), on the server, and on the WAN/LAN connecting the clients and servers.
Specific US Regulations and Legislation Related to IT Audits
Several laws and regulations related to information technology audits have been introduced in the United States since 1977. These include the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, the London Stock Exchange Combined Code, and the Foreign Corrupt Practices Act.
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act (SOX)
Foreign Corrupt Practices Act (FCPA)