Management teams that employ information systems have objectives and expectations for what they intend to achieve from the large investment made in technology. Reasons for implementing ICT within the organization include the desire to obtain business value through reduced costs, greater effectiveness, enhanced efficiency and/or increased service delivery. It is against these objectives that an IT auditor is required to provide assurance to management.
Typically, management’s goals and objectives in utilizing technology to support business processes include:
• Confidentiality;
• Integrity;
• Availability;
• Reliability; and
• Compliance with legal and regulatory requirements.
Underpinning these goals and objectives is the need to ensure that information technology, and the controls supporting such technology, assist the organization to achieve its business objectives (effectiveness) with appropriate use of resources (efficiency).
• Confidentiality
Confidentiality concerns the protection of sensitive information from unauthorized disclosure. Consideration needs to be given to the level of sensitivity of the data, as this will determine how stringent the controls over its access should be. Management needs assurance of the organization’s ability to keep information confidential, as compromises in confidentiality could lead to significant public reputational harm, particularly where the information relates to sensitive client data.
• Integrity
Integrity refers to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations. This is an important audit objective because it gives both management and external report users assurance that the information produced by the organization’s information systems can be relied upon and trusted for making business decisions.
• Availability
Availability relates to information being available when required by the business process, now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. Given the high-risk nature of keeping important information stored on computer systems, it is important that organizations gain assurance that the information they need for decision-making is available when required. This means having measures in place for business continuity and for timely recovery from disasters, so that information is available to users as and when required.
• Reliability
Reliability refers to the degree of consistency of a system or the ability of a system (or component) to perform its required function under stated conditions. Reliability is an important audit objective in order to provide assurance that the system consistently operates and performs its stated functions as expected.
• Compliance with Legal and Regulatory Requirements
Compliance concerns adherence to the laws, regulations and contractual obligations to which the business process is subject, that is, externally imposed business criteria. Management and key stakeholders require assurance that the necessary compliance procedures have been put in place, as there is a potential risk that the organization could incur penalties should legal and regulatory procedures not be enforced.