It is common to find organizations investing more and more resources – money, time, staff, etc. – these days in technology. Consider a relatively small retail company, for example, that’s focusing on expanding its website and online ordering capabilities while also building web-based platforms that can function seamlessly on a variety of popular mobile devices. At the same time, this company also must manage a broad and growing range of risks related to security and privacy; regulatory compliance; federal, state and local laws; use of social media by employees; and information technology (IT) infrastructure stability, among many other areas.
In this environment, understanding and managing these risks is absolutely critical for an organization to be successful. A key element of this effort must be well-planned and organized IT audit activities that begin with the establishment, experience and capabilities of a strong IT audit function.
Do most organizations have an IT audit function in place? How are they staffed? Do they exist as an independent function or do they reside in another department? How many organizations are, in fact, conducting IT audit risk assessments on a regular basis? Is IT audit an integral component of the organization’s annual audit plan?
What is IT Audit?
Protiviti defines “IT audit” as the process of collecting and evaluating evidence of the management of controls over an organization’s information systems, practices, controls and operations. The evaluation of evidence obtained through the IT audit process determines if the information systems are safeguarding assets, maintaining data integrity and operating effectively to achieve the organization’s goals and objectives. This may include traditional audits of technology processes and components as well as integrated audits for audit activities, technology-dependent regulatory processes (e.g., privacy) or data analytics support. Organizations can determine their IT audit category and scope with robust IT audit risk assessment templates.
KnowledgeLeader has published hundreds of tools and templates focused on various IT audit techniques. Check out the following examples: