Know your CISA Exam (2)...
The objective of IT Audit
The objectives of IT audit include assessment and evaluation of processes that ensure:
A. Asset safeguarding ‘Assets’ which include the following five types of assets:
· Data objects in their widest sense, (i.e., external and internal, structured and non- structured, graphics, sound, system documentation etc).
· Application system is understood to be the sum of manual and programmed procedures.
· Technology covers hardware, operating systems, database management systems, networking, multimedia, etc. Resources to house and support information systems, supplies etc.
· Staff skills, awareness and productivity to plan, organize, acquire, deliver, support and monitor information systems and services.
B. Ensures that the following seven attributes of data or information are maintained:
· Effectiveness – deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner.
· Efficiency – concerns the provision of information through the optimal (most productive and economical) usage of resources.
· Confidentiality – concerns protection of sensitive information from unauthorized disclosure.
· Integrity – relates to the accuracy and completeness of information as well as to its validity in accordance with the business’ set of values and expectations.
· Availability – relates to information being available when required by the business process, and hence also concerns the safeguarding of resources.
· Compliance – deals with complying with those laws, regulations and contractual arrangements to which the business process is subject; i.e., externally imposed business criteria. This essentially means that systems need to operate within the ambit of rules, regulations and/or conditions of the organization.
· Reliability of information