Infotech (IT) auditing gathers and assesses information referring to an IT facilities. An IT audit might enhance a monetary audit, however it is particularly created to evaluate the IT facilities's precision, performance, and security. Around considering that the 1960s, IT audits have actually ended up being particularly essential in the 21st century, when so much of a business's activity is carried out or helped digitally.
The very first IT audits were demanded by the use of electronic devices in accounting systems. Early computer systems did bit more than that-compute-and the mix of their expenditure with their extremely narrow focus of applications suggested that they were embraced gradually. General Electric used a digital accounting system in 1954, computer system use was an extremely specialized ability, and early input techniques (such as punch cards or paper tape) were tiresome to error-check.
With the advancement of specific workplace computer systems in the 1960s and the shift towards establishing computer systems for individuals who did not work on them for a living, bigger services started to incorporate computer systems into a few of their accounting treatments, specifically information storage (such as to monitor stock or appointments) and managing big quantities of complex details. The very first IT audits were for that reason electronic information processing (EDP) audits, doublechecking the precision of the software application systems in use at a business and the information participated in and stemmed from them.
This resulted in the advancement of customized accounting software application, and in 1968 the American Institute of Certified Public Accountants assisted formalize EDP audits, keeping them at the extensive requirements used by monetary audits. The Electronic Data Processing Auditors Association (EDPAA) was formed quickly afterwards, for the growing variety of accounting professionals who focused on EDP audits. EDPAA has considering that (in 1994) altered its called to the Information Systems Audit and Control Association, and releases CobiT-Control Objectives for Information and associated Technology, the extensively accepted list of requirements and goals in IT audits.
IT auditing ended up being specifically focused on in the consequences of the Equity Funding Corporation of America scandal of 1973, when previous EFCA staff member Ronald Secrist and expert Ray Dirks reported that the Los Angeles company-which offered shared funds and life insurance-was guilty of extensive and orderly accounting scams. A minimum of 100 workers because 1964 had actually been guilty of tricking financiers and the federal government, which deceit consisted of a computer system committed to the forgery of insurance plan for fictitious insurance policy holders.
Figuring out the degree of the scams, naturally, implied auditing the computer system, in addition to all others in use by the company-a procedure that took control of 2 years. In the wake of the 21st-century accounting scandals, the Sarbanes-Oxley Act of 2002 was passed, developing more stringent requirements for public business boards and public accounting firms-with a higher focus on IT audits.
There are 5 classifications of IT audits:
Systems and Applications audits test the input, output, and processing at all levels of the business's systems and applications.
Info Processing Facilities audits test the control of the processing center under regular and disruptive conditions. Systems Development audits analyze the systems under advancement to make sure that they satisfy the business's goals and requirements.
Management of IT and Enterprise Architecture audits analyze the organizational structure and treatments in use.
Client/Server, Telecommunications, Intranets, and Extranets audits concentrate on networking problems, a location where there is specific interest in remaining present in security procedures.
Infotech alters quickly, as does its position in the procedure of working. IT auditors, though they might be CPAs, are normally more versed in details systems, with a basic understanding of accounting concepts, because the accounting element of their task is the more fixed component in the mix, while the implications, security issues, and capacity for abuse of innovation are constantly in flux.