Systems, Process and Information Technology Assurance

An information systems/technology audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to accounting policies. However, the primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:

• Will the organization's computer systems be available for the business when required? (Availability)
• Will the information in the systems be disclosed only to authorized users? (Confidentiality)
• Will the information provided by the system always be accurate, reliable, and timely? (Integrity)

Thus, IT audit focuses on determining risks that are relevant to information assets, and in assessing controls in order to reduce or mitigate these risks. By implementing controls, the effect of risks can be minimized, but cannot completely eliminate all risks.

Why is this important? Becuase several information technology audit related laws and regulations have been introduced in the United States and the expectations of every entity continue to increase. Regulations include the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Foreign Corrupt Practices Act.

Ask us how we can assist your organization with our technology assurance services.