An integrated audit considers the relationship between information technology, financial and operational controls in establishing an effective and efficient internal control environment. Even though issues may not be identified in financial and operational controls, issues identified in information technology may negate the effectiveness of the financial and operational controls and visa-versa. Therefore, an integrated audit evaluates the interplay between financial, operational and technology processes on the achievement of control objectives.
The following areas are generally examined during an integrated audit:
- The business and information processing risks and controls are understood and agreed upon by the business owners, information technology delivery and support organization, and the integrated audit team.
- Manual and automated feeds, system interfaces, and communications are accurate, timely and secure.
- Manual and automated transactions are approved, timely and accurately processed.
- Information is secure and confidentiality controls follow current regulations and University standards.
- Disaster recovery plans and business continuity plans provide reasonable assurance that both the system and business operations can recover and continue when a system or business interruption occurs.
- Program changes are authorized, tested, approved and migrated to production as prescribed by the business process owners.