Mapping Business Control with IT Application: An IS Auditor can help ensure that the necessary business controls are mapped into the application controls. If engaged at the project stage, he or she can ascertain that the business controls are put in place during the development stage itself.
Business Process Re-engineering: There is a difference between automation and computerisation: in the former, the existing manual process is automated using computers, and in the latter the existing process. In the latter, absorption is more effectively achieved, but it can pose serious problems if some forms of basic controls are omitted. An IS Auditor can be a part of this exercise to ensure that the basic controls required for business exist in the re-engineered process.
The IT Security Policy: The IS ...
Better Return on Investment: Nowadays, IS audits are considered not only for security but also for performance management and value for IT investments. Therefore, an IS audit can be used to facilitate the effective and efficient use of IT in fulfilling business objectives.
Risk Management: The domain of IS auditing is moving towards risk management, and an IS auditor is being viewed as a risk management professional, particularly in the area of operational risk. Effective risk management for the enterprise is vital; therefore, the role of the IS auditor is crucial.
ISA audits fall into five categories:
1. Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
2. Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
3. Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
4. Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
5. Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.