Information Technology Audit

What are the objectives of an IT audit?

Audit objectives are developed during the planning stage of an engagement and directly align with the business objectives of the area or process under review. Most engagements focus on ensuring controls are in place to effectively mitigate the risks that could prevent the area or process from accomplishing its business objectives. Auditors also ensure that engagement objectives are consistent with the organization’s objectives in regards to:

    ...
Read more about What are the objectives of an IT audit?

What does the audit process look like?

Although every audit is unique, the audit process usually consists of four stages: Planning, Field work, Reporting and (for some audits) Follow-up. Engagement of the client, or the area being audited, is critical at every stage of the audit process. An audit often results in a certain amount of time being diverted from your department’s usual routine. It’s helpful for a client to treat an audit like any other special project and allocate time for you and your staff to participate in the audit process. This minimizes the time necessary for the audit and avoids disrupting ongoing...

Read more about What does the audit process look like?

How are audits selected?

University audits are selected through our Institutional Risk Management process which includes discussion with schools, departments and University management to identify and prioritize operational, financial and compliance risks to the University. A review of industry reports, discussion among peer groups and an understanding of emerging risks or trends informs audit planning and the identification of specific audit projects for the year are chosen based on these assessed risk factors. Additionally, groups or individuals can request audit assistance on a case by case basis. The final...

Read more about How are audits selected?

What is an Information Technology (IT) audit?

An Information Technology audit is the examination and evaluation of an organization's information technology infrastructure, applications, data use and management, policies, procedures and operational processes against recognized standards or established policies. Audits evaluate if the controls to protect information technology assets ensure integrity and are aligned with organizational goals and objectives.

What is an Integrated Audit?

An integrated audit considers the relationship between information technology, financial and operational controls in establishing an effective and efficient internal control environment. Even though issues may not be identified in financial and operational controls, issues identified in information technology may negate the effectiveness of the financial and operational controls and visa-versa. Therefore, an integrated audit evaluates the interplay between...

Read more about What is an Integrated Audit?

Information Technology Audit

The Information Technology (IT) audit group is a unit within Risk Management and Audit Services (RMAS) that focuses on the University's technology environment and supporting operational processes to assure information technology assets are reliable, available, protected and compliant with University policies and procedures, as well as applicable laws and regulations. We emphasize the importance of identifying and mitigating risks associated with the use of data, applications, infrastructure,...

Read more about Information Technology Audit