July 2022 E-Newsletter

INFORMATION SYSTEM AUDIT: ITS RELEVANCE AND VALUE TO ORGANIZATIONS


WRITTEN BY

  Oluwatomi Babatunde (BSc Management Information Systems, CISA, PECB ISO 27001 Auditor)
Information Technology Compliance Specialist. IHS Towers, Dubai. 

JULY 2022

Introduction

As reliance on IT systems continues to increase, so does the variety of internal and external threats. The continuous integration of information technology and business constantly puts Chief Information Officers/Chief Technology Officers (CIOs/CTOs) under extraordinary pressure.

 

As this integration persists and business comes to depend on information technology systems, some risks originally associated with other business units are now being transferred to Information Technology (IT) departments and CIOs. To alleviate this pressure, potential risks in information technology systems must be discovered promptly and mitigated to an acceptable extent, as these risks can result in significant financial loss and reputational damage. Therefore, one of the most important responsibilities of the Information System Audit (ISA) function is to help discover these potential risks. The effectiveness of information systems controls is evaluated through information system audit.

 

ISA spans a variety of IT processes, communication and infrastructure, including operating systems, databases, servers, web services, software applications, security systems, datacenters, business continuity, networks etc. Carrying out IS audits helps to ensure that there are no errors within the IT system, hence sealing up lapses and vulnerabilities that could be leveraged for an attack.

In terms of responding to IT risks, the importance of IT or IS audits can be grouped into two categories [1]:

 

  • Prevention of risk: Information system audits can assist companies in identifying and preventing risks within the information technology systems and processes that support the business. They can also help organizations configure their information technology systems to avoid possible risks from external/internal compliance.
  • Effective management of risk: This involves collaboration between the Information System Audit unit and the technology department/CIO to effectively manage or mitigate identified risks, utilizing detective and corrective measures.

The Benefits

Some benefits of Information System Audit are: [2]  

  • Information technology risk reduction: It helps to tackle risks related to the availability, integrity, and confidentiality of IT processes and infrastructure. Risk identification and assessment, which are core processes in detecting threats and vulnerabilities, help improve the reliability, effectiveness, and efficiency of information technology systems within a defined scope.
  • Improvement in security of data: Having identified risks around business controls/objectives, organizations can redesign, adjust or strengthen poorly designed or implemented controls. This then helps to improve the security of data.
  • IT governance enhancement: Information system audit is a critical function that helps in ensuring adherence to business laws, regulations, best standards, and policies, as strong governance is deemed important in improving the long-term value of stakeholders within an organizational sphere.
  • Fraud detection and prevention.




The Goal

The goal of information system audit is primarily to provide reasonable assurance to Management on the adequacy and effectiveness of controls in and around business processes/objectives, while making sure identified risks are mitigated. It also assists the organization's information technology personnel in effectively fulfilling their responsibilities towards the achievement of defined information technology goals set by Management. These goals/objectives set by Management are strategic in nature, to ensure that the organization's information technology strategy reflects and aligns with the organization's business strategy, therefore improving the stability, security, reliability, and integrity of the data and information which the organization depends on to make critical decisions. Furthermore, the set goals help to improve the effectiveness and efficiency of information system operations, which promotes strict compliance with relevant laws and regulations. Therefore, the reason information systems audit is becoming more important in businesses is that it facilitates business stability by relying on properly risk-managed information systems, with adequate controls in place, to support the achievement of management goals and objectives.

 

Conclusion

The need for audit, security, and control is critical in all areas of IT and remains one of the biggest challenges to address now and in the future. All professionals must work together to design, implement, and safeguard the integration of various technologies deployed in the workplace. With respect to this, the importance of Information System Auditors cannot be overstated, and every organization should have IS Auditors in their workforce.

References

 

  1. Careers in Audit. 30 Jul 2020. Importance of IT audit in an organization. Careers in Audit.
  2. NetComp. 25 May 2015. A step towards trouble-free IT workplace. NetComp Solutions.