Information Technology Audit, also known as Information system Audit. In 1968, the American Institute of Certified Public Accountants published “Accounting Auditing and Computers” to guide accounting firms to carry out auditing in the financial industry, which used computers earlier and more deeply. Strictly speaking, electronic data processing audit or computer audit is not the information system audit in the real sense. The positioning of computer audit is to expand the traditional financial audit as a technical resource, to provide the necessary technical support for auditors to carry out financial audit business involving electronic data.
Certified Information Systems Auditor ISACA certification is initiated by the Information Systems Audit and Control Association (ISACA). It is a symbol of achievement in professional fields such as Information Systems Audit, Control and security. CISA certification spoto shop link is intended for enterprise information system managers, IT managers, IT auditors, or information consultants, information security vendors or service providers, and others interested in information system auditing.
Some industries, such as telecoms companies and banks, rely heavily on computer systems because they have hundreds of millions of users and need to process huge amounts of data every day. This kind of enterprise financial data generation, in many links is based on computer system. For example, the revenue of telecommunications companies is mostly calculated through the billing system.
In this case, auditors often need to audit computer-based information systems to assess the security, stability, and effectiveness of the information system, which is commonly referred to as AN IT audit. At the same time, the auditor may use some computer technology to test some transactions, which is commonly called a computer-assisted audit.
In accounting firms, there is usually a dedicated team of IT or computer-assisted auditors, commonly known as IT auditors or registered information Systems auditors.
The professional qualification for an IT auditor is called CISA (Certified Information System auditor), which is the same meaning that an auditor needs to obtain a CPA qualification.
Taking auditing a telecom enterprise as an example, the main tasks of IT auditors include :
(1) testing whether the information system of this telecom enterprise is safe and reliable. For example, whether the development and upgrading of the inventory system is managed; Whether the employees have their own independent accounts when logging in the inventory system by computer, and whether the passwords are updated regularly; Whether the logs generated by computer background operation are regularly reviewed; And so on. Such tests are called general Control of information Systems (ITGC) tests.
(2) Test whether the system is correct in handling specific business processes. For example, the system collects CDRS and automatically calculates revenues. In addition to revenue, auditors should consider testing the process and results of generating data that are dependent on information systems and have a significant impact on financial statements. Such tests are called application Control of information Systems (ITAC) tests.
- Use computer-aided means to re-verify some data. For example, calculate the current year’s depreciation expense of all fixed assets and add them up, comparing them with the depreciation expense on your books. In the case of a large number of fixed assets or rapid increase or decrease, the traditional rationality testing method is not easy to achieve good results.
In the accounting firm engaged in 1 ~ 2 years of financial audit work, and more interested in IT colleagues, can consider to do IT auditor. IT is conceivable that in the information age, IT auditors will be increasingly useful.