Information technology audit

Last updated April 11, 2024

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

Purpose
classification of IT audits
History of IT auditing
Principles of an IT audit
Emerging issues
Web presence audits
Enterprise communications audits
Ethical Dilemmas in IT Audits
Effect of IT Audit on Companies and Financial Audits
Benefits of Utilizing IT systems on Financial Audits
See also
Computer forensics
Operations
Miscellaneous
Irregularities and illegal acts
References
External links

IT audits are also known as automated data processing audits (ADP audits) and computer audits.

They were formerly called electronic data processing audits (EDP audits).

Purpose

An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether the financial statements present fairly, in all material respects, an entity's financial position, results of operations, and cash flows in conformity to standard accounting practices, the purposes of an IT audit is to evaluate the system's internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight. Installing controls are necessary but not sufficient to provide adequate security. People responsible for security must consider if the controls are installed as intended, if they are effective, or if any breach in security has occurred and if so, what actions can be done to prevent future breaches. These inquiries must be answered by independent and unbiased observers. These observers are performing the task of information systems auditing. In an Information Systems (IS) environment, an audit is an examination of information systems, their inputs, outputs, and processing. ^[1]

As technology continues to advance and become more prevalent in our lives and in businesses, along comes an increase of IT threats and disruptions. These impact every industry and come in different forms such as data breaches, external threats, and operational issues. These risks and need for high levels of assurance increase the need for IT audits to check businesses IT system performances and to lower the probability and impact of technology threats and disruptions.^[2]

The primary functions of an IT audit are to evaluate the systems that are in place to guard an organization's information. Specifically, information technology audits are used to evaluate the organization's ability to protect its information assets and to properly dispense information to authorized parties.^[3] The IT audit aims to evaluate the following:

Will the organization's computer systems be available for the business at all times when required? (known as availability) Will the information in the systems be disclosed only to authorized users? (known as security and confidentiality) Will the information provided by the system always be accurate, reliable, and timely? (measures the integrity) In this way, the audit hopes to assess the risk to the company's valuable asset (its information) and establish methods of minimizing those risks.

More specifically, organizations should look into three major requirements: confidentiality, integrity, and availability to label their needs for security and trust in their IT systems.

Confidentiality: The purpose is to keep private information restricted from unauthorized users.
Integrity: The purpose is to guarantee that information be changed in an authorized manner
Availability: The purpose is to ensure that only authorized users have access to specific information

These three requirements should be emphasized in every industry and every organization with an IT environment but each requirements and controls to support them will vary.^[4]

classification of IT audits

Various authorities have created differing taxonomies to distinguish the various types of IT audits. Goodman & Lawless state that there are three specific systematic approaches to carry out an IT audit:^[5]

Technological innovation process audit. This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.
Innovative comparison audit. This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of company's research and development facilities, as well as its track record in actually producing new products.
Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

Others describe the spectrum of IT audits with five categories of audits:

Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity. System and process assurance audits form a subtype, focussing on business process-centric business IT systems. Such audits have the objective to assist financial auditors.^[6]

Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

And some lump all IT audits as being one of only two type: "general control review" audits or "application control review" audits.

A number^{[ who? ]} of IT audit professionals from the Information Assurance realm consider there to be three fundamental types of controls regardless of the type of audit to be performed, especially in the IT realm. Many frameworks and standards try to break controls into different disciplines or arenas, terming them “Security Controls“, ”Access Controls“, “IA Controls” in an effort to define the types of controls involved. At a more fundamental level, these controls can be shown to consist of three types of fundamental controls: Protective/Preventative Controls, Detective Controls and Reactive/Corrective Controls.

In an IS, there are two types of auditors and audits: internal and external. IS auditing is usually a part of accounting internal auditing, and is frequently performed by corporate internal auditors. An external auditor reviews the findings of the internal audit as well as the inputs, processing and outputs of information systems. The external audit of information systems is primarily conducted by certified Information System auditors, such as CISA, certified by ISACA, Information System Audit and Control Association , USA, Information System Auditor (ISA) certified by ICAI (Institute of Chartered Accountants of India), and other certified by reputed organization for IS audit. Delete --> (frequently a part of the overall external auditing performed by a Certified Public Accountant (CPA) firm.^[1] ) IS auditing considers all the potential hazards and controls in information systems. It focuses on issues like operations, data, integrity, software applications, security, privacy, budgets and expenditures, cost control, and productivity. Guidelines are available to assist auditors in their jobs, such as those from Information Systems Audit and Control Association.^[1]

History of IT auditing

The concept of IT auditing was formed in the mid-1960s. Since that time, IT auditing has gone through numerous changes, largely due to advances in technology and the incorporation of technology into business.

Currently, there are many IT-dependent companies that rely on information technology in order to operate their business e.g. Telecommunication or Banking company. For the other types of business, IT plays the big part of company including the applying of workflow instead of using the paper request form, using the application control instead of manual control which is more reliable or implementing the ERP application to facilitate the organization by using only 1 application. According to these, the importance of IT Audit is constantly increased. One of the most important roles of the IT audit is to audit over the critical system in order to support the financial audit or to support the specific regulations announced e.g. SOX.

Principles of an IT audit

The following principles of an audit should find a reflection:^[7]

Timeliness: Only when the processes and programming is continuously inspected in regard to their potential susceptibility to faults and weaknesses, but as well with regard to the continuation of the analysis of the found strengths, or by comparative functional analysis with similar applications an updated frame can be continued.
Source openness: It requires an explicit reference in the audit of encrypted programs, how the handling of open source has to be understood. E.g. programs, offering an open source application, but not considering the IM server as open source, have to be regarded as critical. An auditor should take an own position to the paradigm of the need of the open source nature within cryptologic applications.
Elaborateness: Audit processes should be oriented to certain minimum standard. The recent audit processes of encrypting software often vary greatly in quality, in the scope and effectiveness and also experience in the media reception often differing perceptions. Because of the need of special knowledge on the one hand and to be able to read programming code and then on the other hand to also have knowledge of encryption procedures, many users even trust the shortest statements of formal confirmation. Individual commitment as an auditor, e.g. for quality, scale and effectiveness, is thus to be assessed reflexively for yourself and to be documented within the audit.
The financial context: Further transparency is needed to clarify whether the software has been developed commercially and whether the audit was funded commercially (paid Audit). It makes a difference whether it is a private hobby / community project or whether a commercial company is behind it.
Scientific referencing of learning perspectives: Each audit should describe the findings in detail within the context and also highlight progress and development needs constructively. An auditor is not the parent of the program, but at least he or she is in a role of a mentor, if the auditor is regarded as part of a PDCA learning circle (PDCA = Plan-Do-Check-Act). There should be next to the description of the detected vulnerabilities also a description of the innovative opportunities and the development of the potentials.
Literature-inclusion: A reader should not rely solely on the results of one review, but also judge according to a loop of a management system (e.g. PDCA, see above), to ensure, that the development team or the reviewer was and is prepared to carry out further analysis, and also in the development and review process is open to learnings and to consider notes of others. A list of references should be accompanied in each case of an audit.
Inclusion of user manuals & documentation: Further a check should be done, whether there are manuals and technical documentations, and, if these are expanded.
Identify references to innovations: Applications that allow both, messaging to offline and online contacts, so considering chat and e-mail in one application - as it is also the case with GoldBug - should be tested with high priority (criterion of presence chats in addition to the e-mail function). The auditor should also highlight the references to innovations and underpin further research and development needs.

This list of audit principles for crypto applications describes - beyond the methods of technical analysis - particularly core values, that should be taken into account

Emerging issues

There are also new audits being imposed by various standard boards which are required to be performed, depending upon the audited organization, which will affect IT and ensure that IT departments are performing certain functions and controls appropriately to be considered compliant. Examples of such audits are SSAE 16, ISAE 3402, and ISO27001:2013.

Web presence audits

The extension of the corporate IT presence beyond the corporate firewall (e.g. the adoption of social media by the enterprise along with the proliferation of cloud-based tools like social media management systems) has elevated the importance of incorporating web presence audits into the IT/IS audit. The purposes of these audits include ensuring the company is taking the necessary steps to:

rein in use of unauthorized tools (e.g. "shadow IT")
minimize damage to reputation
maintain regulatory compliance
prevent information leakage
mitigate third-party risk
minimize governance risk^[8]^[9]

The use of departmental or user developed tools has been a controversial topic in the past. However, with the widespread availability of data analytics tools, dashboards, and statistical packages users no longer need to stand in line waiting for IT resources to fulfill seemingly endless requests for reports. The task of IT is to work with business groups to make authorized access and reporting as straightforward as possible. To use a simple example, users should not have to do their own data matching so that pure relational tables are linked in a meaningful way. IT needs to make non-normalized, data warehouse type files available to users so that their analysis work is simplified. For example, some organizations will refresh a warehouse periodically and create easy to use "flat' tables which can be easily uploaded by a package such as Tableau and used to create dashboards.

Enterprise communications audits

The rise of VOIP networks and issues like BYOD and the increasing capabilities of modern enterprise telephony systems causes increased risk of critical telephony infrastructure being misconfigured, leaving the enterprise open to the possibility of communications fraud or reduced system stability. Banks, financial institutions, and contact centers typically set up policies to be enforced across their communications systems. The task of auditing that the communications systems are in compliance with the policy falls on specialized telecom auditors. These audits ensure that the company's communication systems:

adhere to stated policy
follow policies designed to minimize the risk of hacking or phreaking
maintain regulatory compliance
prevent or minimize toll fraud
mitigate third-party risk
minimize governance risk^[10]^[11]

Enterprise communications audits are also called voice audits,^[12] but the term is increasingly deprecated as communications infrastructure increasingly becomes data-oriented and data-dependent. The term "telephony audit"^[13] is also deprecated because modern communications infrastructure, especially when dealing with customers, is omni-channel, where interaction takes place across multiple channels, not just over the telephone.^[14] One of the key issues that plagues enterprise communication audits is the lack of industry-defined or government-approved standards. IT audits are built on the basis of adherence to standards and policies published by organizations such as NIST and PCI, but the absence of such standards for enterprise communications audits means that these audits have to be based an organization's internal standards and policies, rather than industry standards. As a result, enterprise communications audits are still manually done, with random sampling checks. Policy Audit Automation tools for enterprise communications have only recently become available.

Ethical Dilemmas in IT Audits

The Use of Artificial Intelligence (AI) in IT audits is growing rapidly, with 30% of all corporate audits to be conducted using AI by 2025 as reported by the World Economic forum from 2015. AI in IT audits raises many ethical issues.^[15]

The use of Artificial Intelligence causes unintended biases in results
An issue that AI faces in completing IT audits for corporations is that unintended biases can occur as the AI filters through data. AI does not have a human element or the ability to understand different situations in which certain data is expected or not expected. AI only understands the data in which it has seen before and therefore is unable to evolve given each unique situation. This causes unintended biases and therefore unintended consequences if the AI systems are given too much trust and not carefully monitored by the human eye. As a result ethical, legal and economic issues arise.^[15]
Technology replacing the role of humans
Big 4 firms have invested significant amounts of money in emerging technologies in the IT audit space. AI is now being used in assurance practices performing tasks such as “auditing and accounting procedures such as review of general ledgers, tax compliance, preparing work-papers, data analytics, expense compliance, fraud detection, and decision-making.” ^[15] This essentially replaces the need for auditors and relegates those who work in assurance to roles as “overseers” of the technology.
However, firms still need auditors to perform analysis on the AI results of the IT audit. Auditors who do not understand the algorithms being utilized in the audit can allow mistakes to be made by these imperfect programs. Thus auditors with extensive tech backgrounds and degrees in technology are highly coveted by firms utilizing AI to perform audits.

Effect of IT Audit on Companies and Financial Audits

Globalization in combination with the growth in information technology systems has caused companies to shift to an increasingly digitized working environment. Advantages provided by these systems include a reduction in working time, the ability to test large amounts of data, reduce audit risk, and provide more flexible and complete analytical information. With an increase in time, auditors are able to implement additional audit tests, leading to a great improvement in the audit process overall. The use of computer-assisted audit techniques (CAATs) have allowed companies to examine larger samples of data and more thorough reviews of all transactions, allowing the auditor to test and better understand any issues within the data.^[16]

The use of IT systems in audits has transformed the way auditors accomplish important audit functions such as the management of databases, risk assurance and controls, and even governance and compliance. In addition, IT audit systems improve the operational efficiency and aid in decision making that would otherwise be left to hand-held calculations. IT systems help to eliminate the human error in audits and while it does not fully solve the issue, IT systems have proven to be helpful in audits done by the Big 4 and small firms alike. These systems have greatly reduced the margin of error on audits and provide a better insight into the data being analyzed.

As a result of the increased use of IT systems in audits, authoritative bodies such as the American Institute of Certified Public Accountants (AICPA) and the Information Systems Audit Control Association (ISACA) have established guidance on how to properly use IT systems to perform audits.^[17] Auditors must now adhere to the established guidelines when utilizing IT systems in audits.

Benefits of Utilizing IT systems on Financial Audits

The use of IT systems and AI techniques on financial audits is starting to show huge benefits for leading accounting firms. In a study done by one of the Big 4 accounting firms, it is expected that the use of IT Systems and AI techniques will generate an increase of $6.6 trillion dollars in revenue^[15] as a result of the increase in productivity. As a result, leading auditing firms are making enormous investments with the goal of increasing productivity and therefore revenue through the development or outsourcing of IT systems and AI techniques to assist in financial audits.

PwC, one of the biggest auditing firms in the world, has narrowed down three different types of IT systems and AI techniques that firms can develop and implement to achieve increased revenue and productivity. The first system is by created in a way that technology systems that play a supplemental role in the human auditors decision-making. This allows the human auditor to retain autonomy over decisions and use the technology to support and enhance their ability to perform accurate work, ultimately saving the firm in productivity costs. Next, PwC states that systems with problem solving abilities are imperative to producing the most accurate results. PwC recognizes the increased margin for error due to unintended biases, and thus the need for creating systems that are able to adapt to different scenarios. This type of system requires decision making to be shared between the human auditor and the IT system to produce the maximum output by allowing the system to take over the computing work that could not be one by a human auditor alone. Finally, PwC recognizes that there are scenarios where technology needs to have the autonomy of decision making and act independently. This allows human auditors to focus on more important tasks while the technology takes care of time consuming tasks that do not require human time.^[15]

The utilization of IT systems and AI techniques on financial audits extend past the goal of reaching maximized productivity and increased revenue. Firms who utilize these systems to assist in the completion of audits are able to identify pieces of data that may constitute fraud with higher efficiency and accuracy. For example, systems such as drones have been approved by all four of the big 4 ^[15] to assist in obtaining more accurate inventory calculations, meanwhile voice and facial recognition is adding firms in fraud cases.^[15]

Related Research Articles

<span class="mw-page-title-main">Audit</span> Independent examination of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Financial audit</span> Type of audit

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

COBIT is a framework created by ISACA for information technology (IT) management and IT governance.

Information Technology Auditing began as Electronic Data Process (EDP) Auditing and developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computers on the ability to perform attestation services. The last few years have been an exciting time in the world of IT auditing as a result of the accounting scandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever-changing field.

Change management auditing is the process by which companies can effectively manage change within their information technology systems. Changes to computer software must be monitored in order to reduce the risk of data loss, corruption, malware, errors, and security breaches.

Information technology controls are specific activities performed by persons or systems to ensure that computer systems operate in a way that minimises risk. They are a subset of an organisation's internal control. IT control objectives typically relate to assuring the confidentiality, integrity, and availability of data and the overall management of the IT function. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC includes controls over the hardware, system software, operational processes, access to programs and data, program development and program changes. IT application controls refer to controls to ensure the integrity of the information processed by the IT environment. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.

ISACA is an international professional association focused on IT governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only. ISACA currently offers 8 certification programs, as well as other micro-certificates.

<span class="mw-page-title-main">Separation of duties</span> Concept of having more than one person required to complete a task

Separation of duties (SoD), also known as segregation of duties, is the concept of having more than one person required to complete a task. It is an administrative control used by organisations to prevent fraud, sabotage, theft, misuse of information, and other security compromises. In the political realm, it is known as the separation of powers, as can be seen in democracies where the government is separated into three independent branches: a legislature, an executive, and a judiciary.

<span class="mw-page-title-main">Internal audit</span> Independent, objective assurance and consulting activity

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

IT general controls (ITGC) are controls that apply to all systems, components, processes, and data for a given organization or information technology (IT) environment. The objectives of ITGCs are to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations.

<span class="mw-page-title-main">Continuous auditing</span>

Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.

Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). SIEM is the core component of any typical Security Operations Center (SOC), which is the centralized response team addressing security issues within an organization.

IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:

ERP Security is a wide range of measures aimed at protecting Enterprise resource planning (ERP) systems from illicit access ensuring accessibility and integrity of system data. ERP system is a computer software that serves to unify the information intended to manage the organization including Production, Supply Chain Management, Financial Management, Human Resource Management, Customer Relationship Management, Enterprise Performance Management.

Statement on Standards for Attestation Engagements no. 18 is a Generally Accepted Auditing Standard produced and published by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board. Though it states that it could be applied to almost any subject matter, its focus is reporting on the quality of financial reporting. It pays particular attention to internal control, extending into the controls over information systems involved in financial reporting. It is intended for use by Certified Public Accountants performing attestation engagements, the preparation of a written opinion about a subject, and the client organizations preparing the reports that are the subject of the attestation engagement. It prescribes three levels of service: examination, review, and agreed-upon procedures. It also prescribes two types of reports: Type 1, which includes an assessment of internal control design, and Type 2, which additionally includes an assessment of the operating effectiveness of controls. Published April 2016, SSAE 18 and all previous standards it supersedes are represented in section AT-C of the AICPA Professional Standards, with most sections becoming effective on May 1, 2017.

Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.

References

1 2 3 Rainer, R. Kelly, and Casey G. Cegielski. Introduction to information systems. 3rd ed. Hoboken, N.J.: Wiley ;, 2011. Print.
↑ Stoel, M. Dale; Havelka, Douglas (2020-02-18). "Information Technology Audit Quality: An Investigation of the Impact of Individual and Organizational Factors". Journal of Information Systems. 35 (1): 135–154. doi:10.2308/isys-18-043. ISSN 0888-7985.
↑ Gantz, Stephen D. (2014). The basics of IT audit : purposes, processes, and practical information. Syngress, an imprint of Elsevier.
↑ Read "Computers at Risk: Safe Computing in the Information Age" at NAP.edu.
↑ Richard A. Goodman; Michael W. Lawless (1994). Technology and strategy: conceptual models and diagnostics . Oxford University Press US. ISBN 978-0-19-507949-4 . Retrieved May 9, 2010.
↑ K. Julisch et al., Compliance by Design – Bridging the Chasm between Auditors and IT Architects. Computers & Security, Elsevier. Volume 30, Issue 6-7, Sep.-Oct. 2011.
↑ References to further core audit principles, in: Adams, David / Maier, Ann-Kathrin (2016): BIG SEVEN Study, open source crypto-messengers to be compared - or: Comprehensive Confidentiality Review & Audit of GoldBug, Encrypting E-Mail-Client & Secure Instant Messenger, Descriptions, tests and analysis reviews of 20 functions of the application GoldBug based on the essential fields and methods of evaluation of the 8 major international audit manuals for IT security investigations including 38 figures and 87 tables., URL: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf - English / German Language, Version 1.1, 305 pages, June 2016 (ISBN: DNB 110368003X - 2016B14779)
↑ Juergens, Michael. "Social Media Risks Create an Expanded Role for Internal Audit". Wall Street Journal. Retrieved 10 August 2015.
↑ "Social Media Audit/Assurance Program". ISACA. ISACA. Retrieved 10 August 2015.
↑ Lingo, Steve. "A Communications Audit: The First Step on the Way to Unified Communications". The XO Blog. Retrieved 17 Jan 2016.
↑ "Telephone System Audit Service". 1st Communications Services. 1st Communications Services. Archived from the original on 2019-04-01. Retrieved 2018-12-14.
↑ "Voice Audit". www.securelogix.com. Retrieved 2016-01-20.
↑ "IP Telephony Design and Audit Guidelines" (PDF). www.eurotelecom.ro. Archived from the original (PDF) on 2014-03-27.
↑ "What is omnichannel? - Definition from WhatIs.com". SearchCIO. Retrieved 2016-01-20.
1 2 3 4 5 6 7 Munoko, Ivy; Brown-Liburd, Helen L.; Vasarhelyi, Miklos (2020-11-01). "The Ethical Implications of Using Artificial Intelligence in Auditing". Journal of Business Ethics. 167 (2): 209–234. doi:10.1007/s10551-019-04407-1. ISSN 1573-0697.
↑ Elefterie, Liana (2016). "The Impact of Information Technology on the Audit Process". Economics, Management, and Financial Markets. 11: 303–309.
↑ Yang, David C.; Guan, Liming (2004-01-01). "The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States". Managerial Auditing Journal. 19 (4): 544–555. doi:10.1108/02686900410530547. ISSN 0268-6902.

External links

A career as Information Systems Auditor, by Avinash Kadam (Network Magazine)
Federal Financial Institutions Examination Council (FFIEC)
The need for CAAT Technology
Open Security Architecture- Controls and patterns to secure IT systems
American Institute of Certified Public Accountants (AICPA)
IT Services Library (ITIL)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Rainer,_R._Kelly_2011-1] 1 2 3 Rainer, R. Kelly, and Casey G. Cegielski. Introduction to information systems. 3rd ed. Hoboken, N.J.: Wiley ;, 2011. Print.

[2] Stoel, M. Dale; Havelka, Douglas (2020-02-18). "Information Technology Audit Quality: An Investigation of the Impact of Individual and Organizational Factors". Journal of Information Systems. 35 (1): 135–154. doi:10.2308/isys-18-043. ISSN 0888-7985.

[3] Gantz, Stephen D. (2014). The basics of IT audit : purposes, processes, and practical information. Syngress, an imprint of Elsevier.

[4] Read "Computers at Risk: Safe Computing in the Information Age" at NAP.edu.

[GoodmanGoodman1994-5] Richard A. Goodman; Michael W. Lawless (1994). Technology and strategy: conceptual models and diagnostics . Oxford University Press US. ISBN 978-0-19-507949-4 . Retrieved May 9, 2010.

[6] K. Julisch et al., Compliance by Design – Bridging the Chasm between Auditors and IT Architects. Computers & Security, Elsevier. Volume 30, Issue 6-7, Sep.-Oct. 2011.

[7] References to further core audit principles, in: Adams, David / Maier, Ann-Kathrin (2016): BIG SEVEN Study, open source crypto-messengers to be compared - or: Comprehensive Confidentiality Review & Audit of GoldBug, Encrypting E-Mail-Client & Secure Instant Messenger, Descriptions, tests and analysis reviews of 20 functions of the application GoldBug based on the essential fields and methods of evaluation of the 8 major international audit manuals for IT security investigations including 38 figures and 87 tables., URL: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf - English / German Language, Version 1.1, 305 pages, June 2016 (ISBN: DNB 110368003X - 2016B14779)

[8] Juergens, Michael. "Social Media Risks Create an Expanded Role for Internal Audit". Wall Street Journal. Retrieved 10 August 2015.

[9] "Social Media Audit/Assurance Program". ISACA. ISACA. Retrieved 10 August 2015.

[10] Lingo, Steve. "A Communications Audit: The First Step on the Way to Unified Communications". The XO Blog. Retrieved 17 Jan 2016.

[11] "Telephone System Audit Service". 1st Communications Services. 1st Communications Services. Archived from the original on 2019-04-01. Retrieved 2018-12-14.

[12] "Voice Audit". www.securelogix.com. Retrieved 2016-01-20.

[13] "IP Telephony Design and Audit Guidelines" (PDF). www.eurotelecom.ro. Archived from the original (PDF) on 2014-03-27.

[14] "What is omnichannel? - Definition from WhatIs.com". SearchCIO. Retrieved 2016-01-20.

[:0-15] 1 2 3 4 5 6 7 Munoko, Ivy; Brown-Liburd, Helen L.; Vasarhelyi, Miklos (2020-11-01). "The Ethical Implications of Using Artificial Intelligence in Auditing". Journal of Business Ethics. 167 (2): 209–234. doi:10.1007/s10551-019-04407-1. ISSN 1573-0697.

[16] Elefterie, Liana (2016). "The Impact of Information Technology on the Audit Process". Economics, Management, and Financial Markets. 11: 303–309.

[17] Yang, David C.; Guan, Liming (2004-01-01). "The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States". Managerial Auditing Journal. 19 (4): 544–555. doi:10.1108/02686900410530547. ISSN 0268-6902.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]