Friday, February 03, 2006

Theory of IT Auditing

IT auditing is evaluating an IT department and facilities for profitability, legality, security, structural stability, accounting veracity, ethics compliance, adminstrative integrity, information validity, and internal goals affinity.

I had a discussion in a restaurant bar, in which the other fellow said his company's CEO was questioning the need for a CIO and internal IT.

I told the gentleman, laughing, that already the tables are turning, and it will be the IT department heads who will ask, "For what do we need a CEO?" and getting blank stares as bloated compensation packages sail through the fairy dust air.


In today's environment, organizations must integrate their IT with business strategies to attain their overall enterprise objectives, get the most value out of their information, and capitalize on the technologies available to them.

Where IT was formerly viewed as an enabler of an enterprise's strategy, it now is regarded as an integral part of that strategy to attain profitability and service.

As computerized applications are penetrating nearly all business processes and functions, organizations are mixing hardware platforms from different vendors with a combination of commercially available software and in-house developed software.

Issues such as IT governance, international information infrastructure, E-commerce, security, and privacy and control of public and enterprise information have driven the need for self-review and self-assurance.

As a result, business risk increases.

IT auditing is needed to evaluate the adequacy of information systems to meet processing needs, to evaluate the adequacy of internal controls, and to ensure that assets controlled by those systems are adequately safeguarded.

[snip: text deleted]

Today, even in these economic times, the demand for qualified IT auditors exceeds the supply. IT governance has created opportunities for the IT auditor.

-- Frederick Gallegos, CGFM, CISA, CDE, (et al)
Information Technology Control and Audit
(Auerbach Publications, 2004, p. 29-30)


No comments: