An information system (IS) audit or information technology(IT) audit is an examination of the controls within an entity's Information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. Obtained evidence evaluation can ensure whether the organization's information systems safeguard assets, maintains data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives.
An IS audit is not entirely similar to a financial statement audit. An evaluation of internal controls may or may not take place in an IS audit. Reliance on internal controls is a unique characteristic of a financial audit. An evaluation of internal controls is necessary in a financial audit, in order to allow the auditor to place reliance on the internal controls, and therefore, substantially reduce the amount of testing necessary to form an opinion regarding the financial statements of the company. An IS audit, on the other hand, tends to focus on determining risks that are relevant to information assets, and in assessing controls in order to reduce or mitigate these risks. An IT audit may take the form of a "general control review" or an "specific control review". Regarding the protection of information assets, one purpose of an IS audit is to review and evaluate an organization's information system's availability, confidentiality, and integrity by answering the following questions:
- Will the organization's computerized systems be available for the business at all times when required? (Availability)
- Will the information in the systems be disclosed only to authorized users? (Confidentiality)
- Will the information provided by the system always be accurate, reliable, and timely? (Integrity).
The performance of an IS Audit covers several facets of the financial and organizational functions of our Clients. The diagram to the right gives you an overview of the Information Systems Audit flow: From Financial Statements to the Control Environment and Information Systems Platforms.