INFORMATION SYSTEMS
We at AACO review the complete IT infrastructure, Networking, Business Applications, Data Security and controls. Primary focus of this audit is to protect the information assets in line with business risks. Audit is conducted with the help of comprehensive audit checklists and necessary audit tools.
Information Systems (IS) audit is a special assignment which is done by specially trained staff in the internal audit department. Sometimes, it is outsourced to external consultants too. The objective and scope of coverage of IS audit is then defined by the management. The technical skills required depends on the complexity and objective of the IT environment audited and related IT processes.
Key perspectives
Risk management: The objective in this approach is to assess the risks first, and implement appropriate controls to reduce the risks to an acceptable level. IS audit executed with this perspective tend to be called security management, information risk management, information systems risk management, security audit, IT audit, and so on.
Control objectives: The objective in this approach is to review whether the organization’s internal control system ensures that business objectives are achieved. Hence, it is necessary to set appropriate control objectives which, in turn, result in reducing risks to an acceptable level.
Assignments executed with this perspective are termed IS audit, IS assurance, computer assurance services, technology assurance services, IT governance, IS controls review and the like. What follows are multiple choice questions on a few topics.