ISSC 471 Importance of IT Auditing Powerpoint presentation


A PowerPoint presentation with a minimum of 10 slides outlining the following:

At a

minimum include

the following:

  • Detailed description of the area researched

  • Technology

    involved in the area
  • Future trends in the area

  • Example companies

    involved in the area
  • Regulatory issues surrounding the area
  • Global implications for the area
  • References (minimum of 4)

The Importance of IT Auditing
Institutional Affiliation
The Importance of IT Auditing
Auditing has for a long time being regarded as the evaluation of an organization’s financial
system and controls. However, there are various aspects of an organization that require auditing
with the audit of Information Technology being one of them. This refers to any audit involving
the information technology systems, management operations, and the automated process together
with related interfaces. IT auditors just like the financial auditors need to have an understanding
of the company operations both in the past and in the presence. This paper shall, therefore, be
looking at the general IT audit process and what it entails. The document shall also be looking at
the importance of the audit process in the operations of the organization.
The IT audit process
Most businesses have today shifted from manual operations and digitized most of their functions.
Today, most organizations have turned to digital platforms as a way of running their businesses
as including the storage and retrieval of information (Marchewka 2014). As such, there is the
need to continuously evaluate and analyze the information systems to endure that no information
has been misrepresented and that the system is used for the above purposes is up to date. IT
auditors, therefore, follow some process in evaluating the effectiveness of the system.
The IT Audit Process
Though planning is concentrated at the start of the audit process, it continues throughout until
auditing has been completed and recommendations made. However, initial planning is key to the
successful realization of a successful procedure. The initial preparation requires that the auditors
have an understanding of the organization and how it operates.
In understanding the organization, the auditor must be knowledgeable of the business and
practices to determine the scope of the audit. As such, the organization must be willing to
provide them with the necessary information regarding their transactions and how the system
works for the different departments (Rosli, Yeow, & Siew 2012). The structure and hierarchy of
the IT department must also be understood to determine the extent to which each has access to
the information system.
Once the auditor has a proper understanding of the organization, the next step of the planning
process involves the gathering of the required information. This information should review the
system set up and how it was supposed to function upon installation. The hardware and software
configurations of the system requires to be analyzed for the auditor to have a background
understanding of how the system is supposed to operate.
Audit objectives and scope
The audit process must have clear goals and objectives that should be met at the end of the
procedure. The auditors must therefore in conjunction with the management determine the main
reason behind the need for an IT audit. The primary objective of the audit is to ensure
compliance with the law. However, the process is meant to benefit the organization in various
ways. The management must, therefore, define the objectives of the audit in addition to the goals
that the auditors are meant to meet in the process. The scope of the audit refers to the boundaries
set for the persons undertaking the process. This includes the extent to which they are supposed
to assess the system and the timelines within which they should have completed the same.
Evidence collection and evaluation
To come up with indisputable facts, the auditors must have evidence to support their findings.
Data collection process come into play at this point where different approaches are used in
coming up with the best information. Such methods as interviews and questionnaires could be
used in the process hence giving the auditors primary data from both the employees and the
management. Data collected from the employees are highly useful as they are the people directly
involved in the running of the system; hence they understand the challenges that come with the
system. The information they provide is also used in assessing the risks associated with the
system and recommending changes that could be implemented in averting these risks.
Documentation and reporting
Once the audit has been completed, auditors must file and present their final submissions to the
management and other relevant authorities for evaluation. The report should contain all the tasks
undertaken, the findings and recommendations that have been made based on the weaknesses
and weaknesses found in the system. This final step is meant to assist the organization makes the
right decisions on how best the system could be improved in ensuring the safety of the company
information. The audit team should also inform the management and other stakeholders of the
limitations they came about in the audit process.
Information Technology Audit Tools
Depending on the size of the organization and the bulk of information stored in their systems,
auditors should select the best tool in the audit process. It would not be easy to do the audit
manually and as such, different tools that help analyze the systems within the set timelines. Most
of these tools have been designed to fit in the description of the various systems (Cetindamar,
Phaal, & Probert2016). An analysis of the system is carried out, and the resulting outcome is
used to determine the best approaches to optimizing the efficiency of the system.
Importance of IT audit
Most of the organizations have shifted their data management approaches making use of
computer software to store, back up, and retrieve the same. As such, these organizations are
making considerable investments in their business processes since they have realized the benefits
that come with the same. However, the installation of these systems does not mean that the
information is completely secure. Auditing of the systems is required just like it is with financial
auditing. IT audits are necessary for the following reasons;
Once the installation of the system has taken place, there is the need to ensure that its operation
is optimum. Audits are meant to assure the organization that the system is operating optimally
and that there is no cause for alarm. Often, these systems are prone to attacks and invasion by
unauthorized parties through cybercrimes such as hacking. Audits are therefore meant to
reinforce the security of the system.
Individuals are given the role to run the audit take their time to cross check the system, and
where need be, provide a recommendation on areas they feel need improvement. Since
organizations may introduce new operations that upon inclusion into the information system may
render the system nit as useful as before. An upgrade of the system could, therefore, be required
in a bid to improve the functioning of the system. The update should be initiated upon
presentation of the report and approval by the management.
It is not always that the management can follow up on the information stored in the information
system. Due to lack of integrity, some employees may be tempted to alter the data stored in the
system hence misinforming not only the organization but also other parties depending on the
information such as stakeholders and the shareholders. Cases have been there where the data
stored in the information system turns out to be a hoax especially when it comes to financial
reporting. Shareholders have been misled on the financial position of the organization through
improper reporting by organizations.
With proper auditing, the information presented in the information system is set to be analyzed,
and the correct position of the organization is made public (Hall 2015). Fraudulent procedures
are uncovered in the process, and the people responsible for the tampering of the information are
brought to book. As such, the auditors are supposed to give transparent information after they
have completed the audit. Theirs is, therefore, a role that helps eradicate cases of misinformation
to the interested parties.
Data protection
Audits are meant to instill discipline in workers who would be tempted to tamper with the data.
The auditors should, therefore, be open and bring to light any suspicions of data tampering
within the system. Information systems have security protocols that ensure data is used only for
the purpose intended. Any other unauthorized access and manipulation of the data should be
monitored, and audits play this role.
Once the information system has been tampered with, the chances are that there could be
disruption of services offered by the organization. A proper approach into the management of the
IT system is therefore adopted once the audit process has been completed and recommendations
made. The administration should, therefore, ensure that both internal and external audits are
carried out on an annual basis to ensure consistency in the way data is managed. Poor
management of the data and information at the organizational level is one of the leading causes
of corporate failures. External auditors contracted to run the audit are under the direct rule of the
law and as such, their compliance forces the internal auditors also to comply reducing the risk of
the system being tampered with.
Risk assessment and management
The audit is meant to look into the loopholes that could exist within the system and recommend
ways of closing the existing gaps. As innovation continues to take place, so does the
improvement of how information systems work. This renders the previous versions weaker
compared to the new ones. As such, these systems are prone to hacking making them insecure
for use.
To avoid such cases, the audit team proposes new measures that should be put in place to ensure
that the system is up to date. These recommendations are based on further improvements in the
market. Usually, these improvements are meant to improve the security of the system and its
interface thus providing the organization with a secure way of storing their data.
Compliance with the law
The final and most important reason why information systems should be audited is that the
organizations are under the obligation to comply with the law. The federal and state governments
have set standard policies that should be followed by organizations when it comes to running an
audit on their information systems.
Some institutions are heavily impacted by these laws depending on the sensitivity and
importance of the information they are holding. Hospitals and other health institutions, for
example, are under strict regulation from the government regarding how they handle patient and
client information. As such, their information systems should be on such a way that the
information they are holding should only be accessed by authorized personnel. They must,
therefore, have consent from either the government or the individual themselves before
disclosing any of the information.
Hospitals are not the only institutions with the obligation to ensure compliance with the
requirements of the law. Other organizations have to ensure that their information handling
process is up to date with the requirements of the law. Some information at organizations such as
publicly traded companies has to be made public since shareholders must be well informed of the
financial status company and the market trends (Rhodes-Ousley 2013). Concealing this
information from interested parties could lead to the company being liable for acting contrary to
the provisions of the law.
Conclusion and recommendation
Information auditing is as a result of the continued technological innovations taking place in the
modern world. Today, information storage and retrieval have been digitized forcing
organizations to back up their information on information systems. These systems are prone to
attacks and manipulation by individuals who would like to harm the company or alter the
information for personal benefits. Security breaches are also common especially in the wake of
computer gurus who seek to destroy some of the software that has been developed in the recent
past. IT auditors come in handy in checking the operations of the organization and the security of
the information system in place. This is meant to ensure that the information provided to the
public or the interested parties is free of errors and that it has not been tampered with in any way.
This is a requirement by the law and failure to initiate an audit could lead to the prosecution of
the company’s top management.
Auditors have to, therefore, ensure that the proper approach in running the audit is considered by
selecting an audit tool that fits in the description of the system should be used in the process. The
management of these organizations should also make it their business to give their employees
insight into the need for integrity while handling the company information. Annual audits on the
system should also be initiated in to allow for improvements on the system in areas where there
are loopholes. Determination of whether the system has been tampered with or not is also
realized in the process giving the management an opportunity to freshly vet all the employees
with authority to access the system.
Rosli, K., Yeow, P. H., & Siew, E. G. (2012). Factors influencing audit technology acceptance
by audit firms: A new I-TOE adoption framework. Journal of Accounting and
Auditing, 2012, 1.
Hall, J. A. (2015). Information technology auditing. Cengage Learning.
Rhodes-Ousley, M. (2013). Information security: the complete reference. McGraw Hill
Cetindamar, D., Phaal, R., & Probert, D. (2016). Technology management: activities and tools.
Macmillan International Higher Education.
Marchewka, J. T. (2014). Information technology project management. John Wiley & Sons.
Chen, Z., & Yoon, J. (2010, July). IT auditing to assure a secure cloud computing. In 2010 6th
World Congress on Services (pp. 253-259). IEEE.
The Importance of IT Auditing
Annotated Bibliography
Institutional Affiliation
The Importance of IT Auditing
It is normal for organizations to do an audit on their finances in order to determine the financial
position of the organization. In the wake of technological innovations and the use of electronic
systems to store company data, it is important that an IT audit is carried out as it is a norm in the
financial audit. The research paper shall, therefore, be analyzing the importance of carrying an IT
audit in any of the organizations with reference to scholarly materials and information from other
Hall, J. A. (2015). Information technology auditing. Cengage Learning.
Hall looks at the definition and history of information technology auditing. A review of how IT
has changed the operations of different organizations in a bid to streamline their ways of
information storage and retrieval has been captured in this source.
James Hall is an author focusing on information technology in accounting. This book, therefore,
provides students with useful information on how to cope with existing information audit issues
especially in this era of highly computerized organizations and the necessary compliance
Chen, Z., & Yoon, J. (2010, July). IT auditing to assure a secure cloud computing. In 2010
6th World Congress on Services (pp. 253-259). IEEE.
The main focus of this article is on cloud computing and the emerging issues surrounding the
same. Some of the information to be retrieved from this source include the best checklists for
information technology auditing as captured by the author. Reasons, why organizations should
make information technology a serious consideration in their operations, shall also be deduced
from the source.
Zhixiong Chen and John Yoon are it specialists and taking part-time lecturing on the same issue.
Their research is based on the experience they have, making this source a reliable source of
Rosli, K., Yeow, P. H., & Siew, E. G. (2012). Factors influencing audit technology
acceptance by audit firms: A new I-TOE adoption framework. Journal of
Accounting and Auditing, 2012, 1.
Rosli, Yeow, & Siew begins by looking at how businesses have shifted their focus to e-business
and incorporation of information technology in their operations. Audit tools that are used by
information technology audit firms have been well captured in the source in addition to the law
requirements for organizations to run an IT audit.
This source shall, therefore, be useful in giving information on how organizations could comply
with the requirements of the law regarding IT auditing. This includes the considerations that
should be made before selecting an audit firm to assist them in the process.

Purchase answer to see full

We offer the bestcustom writing paper services. We have done this question before, we can also do it for you.

Why Choose Us

  • 100% non-plagiarized Papers
  • 24/7 /365 Service Available
  • Affordable Prices
  • Any Paper, Urgency, and Subject
  • Will complete your papers in 6 hours
  • On-time Delivery
  • Money-back and Privacy guarantees
  • Unlimited Amendments upon request
  • Satisfaction guarantee

How it Works

  • Click on the “Place Order” tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
  • Fill in your paper’s requirements in the "PAPER DETAILS" section.
  • Fill in your paper’s academic level, deadline, and the required number of pages from the drop-down menus.
  • Click “CREATE ACCOUNT & SIGN IN” to enter your registration details and get an account with us for record-keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
  • From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.