This chapter gives a broad overview of IT auditing, explaining what auditing is, why auditing is performed, the subjects of audits, and who conducts audits, and defining key terms and concepts referenced throughout the book. It seeks to answer the basic questions someone new to IT auditing would ask—the who, what, when, where, and why—and subsequently sets up more detailed chapters that go into more depth as to how auditing is done. This chapter distinguishes between internal and external auditing in terms of the purposes, rationale, and requirements for each and carries this distinction through to the types of organizations and auditors involved. It also describes the various career paths and professional development ...