Our IT Audit practice has recognised capabilities and subject matter experience assisting clients in understanding areas of business and industry risk (governance, process, operations, and IT) that translates and aligns IT risk components to the business, with the ability to go beyond a company’s standard areas of IT controls and to ensure business-IT alignment.
An IT audit can be defined as any audit that encompasses review and evaluation of automated information processing systems, related non-automated processes and the interfaces among them. Planning the IT audit involves two major steps. The first step is to gather information and do some planning the second step is to gain an understanding of the existing internal control structure.
More and more organizations are moving to a risk-based audit approach which is used to assess risk and helps an IT auditor make the decision as to whether to perform compliance testing or substantive testing. In a risk-based approach, IT auditors are relying on internal and operational controls as well as the knowledge of the company or the business. This type of risk assessment decision can help relate the cost-benefit analysis of the control to the known risk.