Understanding the Work of an IT Auditor

In order to fully understand the nature of an ITscope of an IT audit covers the followings:-
auditor’s work, it is best that you learn the- Plan & Organise (PO)
fundamental of IT auditing i.e.: -- Acquire & Implement (AI)
- What is IT Audit?- Deliver & Support (DS)
- What is the scope of an IT Audit?- Monitor & Evaluate (ME) Whether you are using
- Why perform IT audit?FFIEC, COBIT or any other methodology, the most
- IT Risksimportant thing is to understand your IT environment
What is IT Audit?and how its support the organisation business.
IT = Technology (system/process/method) to produceWhy perform IT audit?
the information required by the users.The objective of an IT audit is to assess the
Information = Data that has been processed to suit theadequacy of the controls in place to safeguard the
user requirementsinformational assets.
Audit = assurance and consulting activitiesIn other words, to review the level of IT risks, controls
IT Audit is just another branch of audit. It is basically anand exposure. My simple equation is: -
assurance and consulting activities designed to addIT Risk – IT Control = IT Exposure
value and improve the IT operations.Therefore, an IT auditor needs to assess the level of
Interesting websites on IT Audit that you can refer to :-IT risks and controls that exist in order to determine
[whether there is any exposure in the organisation.
What is the scope of an IT Audit?IT Risks
According to FFIEC InformationThere are many ways to classify the IT risks.
TechnologyExamination Handbook, the typical scopeOne of the methods is: -
of an IT audit :-
- Management1. Infrastructure Risk
- Operations2. Availability Risk
- Development & Acquisition3. Integrity Risk
- Information Security4. Access Risk
- Business Continuity Planning As per COBIT, the5.