Chapter 2. IS Audit Function Knowledge

This chapter looks at the laws and regulations governing Information Systems (IS) audit and the nature and role of the audit charter. It reviews the varying nature of audits and the demand for audits as well as the need for control and audit of computer-based IS. The types of audit and auditor and range of services to be provided is reviewed together with the standards and codes of ethics of both the Institute of Internal Auditors (IIA) and the standards specified by the Information Systems Audit and Control Association (ISACA).

Information Systems Auditing

Effective management of information and related Information Technology (IT) has become of critical importance to the survival and long-term success of any organization. This has arisen because of the increasing dependence on information and the associated systems that deliver this information, together with the costs and size of future use of IT. As a result, management has a heightened expectation of delivery from IT functions and demands improved quality with a decreased delivery time and improved service levels at reduced costs. In addition, the increasing potential from threats such as information warfare or cyber terrorism has added a new awareness. At the same time, the potential for technology to revolutionize organizations and their business practices create new business opportunities and offer the potential to massively reduce costs.

IS Audit has traditionally been based upon the paradigms ...

Get Auditor’s Guide to Information Systems Auditing now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.