An integrated audit considers information technology, financial and operational controls as mutually dependent for establishing an effective and efficient internal control environment.
From an information technology perspective, the objective is to assure that information technology controls are effective and efficient to support the business process. From a financial and operational perspective, the objective is to assure that financial and operational controls are effective and efficient to support the business process. Even though issues may not be identified in financial and operational controls, issues identified in information technology may negate the effectiveness of the financial and operational controls and visa versa. Therefore for an integrated audit, all perspectives need to be considered since information technology, financial and operational issues can significantly impact the achievement of management’s objectives of safeguarding information system assets and ensuring reliability and integrity of information.
The integrated audit includes an audit of the applications, servers, and network configurations that support the business process. The examination and testing of the application, servers, and network configuration are similar to that of an information systems audit.
Additionally, the information system and the financial and operational auditors collaboratively consider the following as they relate to the business process being examined:
- The business and information processing risks and controls are understood and agreed upon by the business owners, information technology delivery and support organization, and the integrated audit team.
- Manual and automated feeds, system interfaces, and communications are accurate, timely and secure.
- Manual and automated transactions are approved, timely and accurately processed.
- Information is secure and privacy controls are in compliance with current regulations and University standards.
- Disaster recovery plans and business continuity plans provide reasonable assurance that both the system and business operations can recover and continue when a system or business interruption occurs.
- Program changes are authorized, tested, approved and migrated to production as prescribed by the business process owners.
The business process owner is ultimately responsible for ensuring information technology and financial and operational controls are implemented, effective and efficient.