Full Paper Overview This is a digital age, where information is now digitized and plays a critical role in accomplishing business goals. Financial auditing is now a new evolved domain, as organizations are now dependent on information systems acquiring digital data, this field is now evolved as information system auditing. Preconditions required for effective management are adequate plans, structure of human resources, policies, best practices, procedures, processes that are present in the computing environment. Information system audit is a specialized function that is responsible for assessing the current state of an organization in terms of organizational asset protection, data integrity. Likewise, the primary output is to facilitate organizations for achieving goals effectively and efficiently (Information systems control & audit1999). The impact of Information Security audit is within the organization as well as outside. For instance, managers are more concerned on the return on investment that is achieved by optimal usage of Information Technology resources and services. In this way, the stake holders are satisfied. Moreover, there are labor unions that are keen to know how organizations utilize their IT resources and services. Information System audit overview highlights the requirement for control and audit of computers and networks, auditing of information systems, review of internal controls that are implemented to mitigate risks, evidence evaluation functions along with the consideration of information system audit foundations. However, for initiating an information system audit function, there is an association of several strategies that can be applied from information system auditors. Likewise, these strategies define generic steps that need to be carried out for an information system audit (Information systems control & audit1999).
The scope of information system audit do not focuses on the complete life cycle for the technological architecture that is under inspection along with accuracy of computing calculations. Likewise, the scope of an information system audit is linked with its objective. One of the examples may include the policy and its enforcement within the organization, the audit then cross checks the controls, processes and procedures addressing the policy. The audit report highlights the vulnerabilities, percentage of compliance with the policy and recommendations to mitigate risks, threats or vulnerabilities. An audit for active user accounts in the Microsoft Active Directory may incorporate crosschecks to unnecessary active account of ex-employees or those who have left the company but still has access to critical applications, entrance in the facility, organization Intranet etc. It is vital to understand the current state of technology within the organization; otherwise the information system audit scope may not be adequately defined. If we consider a database maintaining customer data, there are certain data privacy regulations that must be followed. For instance, an organization maintaining customer information has to comply with regulations by the regulator. Normally, an information security officer or manager is associated to perform information system audit within an organization or third parties are contacted for information technology advisory services. For instance, big 4 firms provide IT advisory services and IT audit by audit and security cosultants.
References
Information systems control & audit (1999). Pearson Education.
