IT should be governed by best practices that ensure an organization's information and related technology support enterprises business objectives.
- By today standards, IT is an intrinsic part of business and not considered as a seperate department.
- How IT is applied within an organization will have an immense effect on whether the organization meets its objectives or not.
Auditing plays a key role in making IT successful for an organization. One of the main goal of audit is to give recommendations to improve the quality and effectiveness of IT.
An audit can also monitor compliance and make sure that IT is in compliance. Reporting on IT governance invovles auditing at the highest level in the organization which can cross departmental boundries.
An audit should be defined by the clear scope of work to be done with a clear definition of the functional areas and its issues.
Auditors should remain objective and independent, and if this cannot be taken care of internally , a third party independent auditor can be hired.
The IS Auditor should assess the followings:
- The alignment of the IS function to the organization's objectives.
- If the performance objectives are being achieved.
- Compliance to regulatory laws and requirements.
- Control Enviroment of the organization.
- Inherent risks within the IS enviroment.
- The IT investment or expenditure.
No comments:
Post a Comment