Information System Auditing, also referred to as automated data processing (ADP) auditing, electronic data processing (EDP) auditing and information technology (IT) auditing, is primarily an examination of the system controls within an IT architecture: the process of evaluating the suitability and validity of an organization’s IT configurations, practices and operations. Information System Auditing was developed to allow an enterprise to achieve its goals effectively and efficiently by assessing whether computer systems safeguard assets and maintain data integrity.
Within a for-profit organization, managers are typically concerned that the systems they use provide the most effective way to maximize return on stakeholder investments. Other groups, such as environmental and civil rights groups, are concerned with other aspects of how an enterprise runs its business.
Nearly 60 years ago most systems were manual and paper-based. Much of that work has now been replaced with computer systems. With the widespread use of computers we are now compelled to maintain control of the data in those systems. The misuse of data can lead to misallocated resources, and abuse of privacy can occur with uncontrolled distribution of data. Whenever one of these events occurs, the media makes sure the world knows about it, as it produces good news copy. Many people don’t understand, and therefore fear is easy to generate. This provides support for the notion that George Orwell’s 1984 is upon us.
With the widespread use of computers and the ever-increasing computing power available in desktop and mobile computing devices, it is important to control how the data within these devices is managed.
Everest (1985) proposed that the data within an organization is an image of the organization itself. The failure or success of this image will determine the success or failure of the organization; if some of it is lost, the organization will incur loss.
For example, when purchasing records are destroyed, a business can suffer failure through its inability to manufacture and/or supply to customers. This can occur when management fails to provide an adequate budget to support proper backups. The lost data then becomes unrecoverable.
The misuse of computer systems can lead, either directly or indirectly, to poor decision making. This can occur when someone edits data to represent incorrect information, thereby leading others to make bad decisions, or when the person reviewing data tampers with it so that they can give incorrect information. Recently the world has seen a number of events that are evidence of what goes wrong when this happens. Computer abuse is becoming more prevalent in organisations, and that abuse is an increasing expense to the business.
A good definition of Information System Auditing is the process of collecting and assessing evidence to show that a system has safeguards to protect against abuse, safeguards assets, maintains data integrity and allows the organisation to continue successfully. Often in today’s world the reason a system is audited is to determine whether the organisation is adhering, or able to adhere, to regulatory requirements such as SOX or HIPAA.
Many of the problems that auditing is there to address are due to the speed at which technology changes. Without auditing, that speed would allow things to be done badly in some cases, or just plain wrong.