CHAPTER TWO

IT Audit Function Knowledge

THIS CHAPTER LOOKS at the laws and regulations governing information technology (IT) audits and the nature and role of the audit charter. It reviews the varying nature of audits and the demand for audits as well as the need for control and audit of computer-based IT. The types of audit and auditor and range of services to be provided are reviewed together with the standards and codes of ethics of both the Institute of Internal Auditors (IIA) and the standards specified by the Information Systems Audit and Control Association (ISACA).

INFORMATION TECHNOLOGY AUDITING

Effective management of information and related IT has become of critical importance to the survival and long-term success of any organization. This has arisen because of the increasing dependence on information and the associated systems that deliver this information, together with the costs and size of future use of IT. As a result, management has a heightened expectation of delivery from IT functions and demands improved quality with a decreased delivery time and improved service levels at reduced costs. In addition, the increasing potential from threats such as information warfare or cyber terrorism has added a new awareness. At the same time, the potential for technology to revolutionize organizations and their business practices creates new business opportunities and offers the chance to massively reduce costs.

IT Audit has traditionally been based upon the paradigms that ...

Get Auditor's Guide to IT Auditing, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.