Auditing is a familiar term, used frequently in the corporate world, and IT auditing is one of its various types. Before discussing IT auditing, it is necessary to give a brief idea of what we mean by auditing. Auditing is the process by which a competent, independent person accumulates and evaluates evidence about quantifiable information related to a specific economic entity for the purpose of determining and reporting on the degree of correspondence between the quantifiable information and established criteria.
Now the question may arise: who does the auditing? Auditors perform the audit work. They are appointed by the corporations, though in some cases they are appointed by the government. The shareholders, as well as the users of the financial statements, expect the auditors to perform the audit work with technical competence, integrity, independence and objectivity, but they never know whether the auditors have performed their work properly. That is why an expectation gap exists. There are three types of risk in auditing: inherent risk, control risk and detection risk. As audit work is done on a sampling basis, it is impossible for the auditors to give absolute assurance, and this is one of the reasons people believe that some risks may exist.
On the eve of the 21st century, the IT sector has developed more than ever, as have the applications of IT. Can you show me any corporation that does not use some kind of technology nowadays? You will not find a single one. And this is the only reason for which IT auditing is an emerging issue for corporations. Now take a brief look at the scope of IT auditing:
- Corporations have internal computer networks. If the security of the system is weak, someone may hack the entire data of the corporation.
- Corporations provide an individual ID and maintain an individual profile for every employee in the computer systems.
- Some corporations, especially big ones, may use login approval for employees. It is not ethical to log in to other employees’ accounts.
- Corporations may replace or update the existing software. It is the responsibility of the corporations to check whether the software works properly or not.
- In the case of credit cards, customers’ credit card numbers and passwords should be kept safe by the card issuers in their computer systems.
- Top-level management should have control over the entire corporation via a strong IT system.
In developing countries, it is seen that corporations carry out audits mainly of their financial statements but not of their IT systems, though they are already using them. So those who have expertise in IT may easily use the valuable information of the corporations without the permission of the appropriate authority. Now let us see what kinds of assurance IT auditing can give:
- Access control for both LAN (Local Area Network) and WAN (Wide Area Network)
- Classification and encryption of data
- Malware protection
- Security for data center of the corporations
- Update, backup and review of new IT systems
- Prevention of hacking into corporations’ servers as well as databases
- Customer loyalty and satisfaction
Recently, some professional courses have been offered for IT auditing, such as CISA (Certified Information Systems Auditor), CCP (Certified Computer Professional), CITP (Certified Information Technology Professional) and so on. Corporations always want more profits, and that is why customer satisfaction is necessary. IT auditing is one of the areas that contribute to customer satisfaction for corporations. In a word, IT auditing is important for both the corporations and the shareholders.
Paul Bikash Chandra