Chapter One

Overview of Systems Audit

IN THIS CHAPTER WE discuss why an information systems audit would be conducted. The chapter also identifies the challenges that an auditor will face while auditing a computerized system. Critical differences between computerized and noncomputerized systems have also been identified. Upon completion of this chapter, the reader will have an understanding of the salient features of a computerized system that an information systems auditor must keep in mind.


An information systems audit is an examination of various controls within an information systems infrastructure. It is the process involving collection and evaluation of evidence of the design and functions of controls designed and implemented in information systems, practices, and operations. The auditor, subsequent to evaluation of the evidence, forms an opinion on whether the information systems safeguard assets, maintain data integrity, and operate effectively and efficiently in order to achieve the agreed-upon goals and objectives of the entity. An information systems audit can be performed independently of or along with an audit of financial statements. More often than not, it remains an independent function used during testing of controls.


Under the existing practices in various countries, any person having a recognized qualification in information systems audit can conduct an information systems audit. To be a recognized qualification, ...

Get Understanding and Conducting Information Systems Auditing + Website now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.