Thursday, March 08, 2007

Why We Audit Information Technology

Regarding the protection of information assets, one purpose of an IT audit is to review and evaluate the availability, confidentiality, and integrity of an organization's information systems by answering questions like:

Will the organization's computer systems be available to the business whenever they are required? (Availability)
Will the information in the systems be disclosed only to authorized users? (Confidentiality)
Will the information provided by the systems always be accurate, reliable, and timely? (Integrity)

Types of IT Audits:

Systems and Applications: an audit to verify that systems and applications are appropriate to the entity's needs, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.

Information Processing Facilities: an audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

Systems Development: an audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.

Management of IT and Enterprise Architecture: an audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.

Client/Server, Telecommunications, Intranets, and Extranets: an audit to verify that controls are in place on the client (the computer receiving services), on the server, and on the network connecting the clients and servers.

Information Technology Audit Process
The following are the basic steps in performing an Information Technology audit:

Planning
Studying and Evaluating Controls
Testing and Evaluating Controls
Reporting
Follow-up