The role of information technology (IT) control and audit has become a critical mechanism for ensuring the integrity of information systems (IS) and the reporting of organization finances to avoid and hopefully prevent future financial embarrassments. In early days, IT auditing (formerly called electronic data processing (EDP), computer information systems (CIS), and IS auditing) evolved as an extension of traditional auditing. At that time, the need for an IT audit function came from several directions
• Auditors had realized that technology can aid in the audit assessment
• Corporate and information processing management recognized that computers were key resources for competing in global markets
• Professional associations and organizations, and government entities recognized the need for IT control and audit ability
Initially, auditors with IT audit skills were viewed as the technological resource for the audit staff. The audit staff almost always used them to get technical assistance. However with the passage of time and more importantly with the growth of technology this attitude has changed. The IT auditor's role has evolved to provide assurance that adequate and appropriate controls are in place. However it will still be the management’s responsibility to ensure that the controls are in place. The audit's primary role is to provide a statement of assurance as to whether adequate and reliable internal controls are in place and are operating in an efficient and effective manner. Therefore, whereas management is to ensure, auditors are to assure.
Today, IT auditing is a profession with conduct, aims, and qualities that are characterized by worldwide technical standards. It requires specialized knowledge and practicable ability, and often long and intensive academic preparation. Growth in technology has once again contributed and provides an IT auditor with better theoretical and empirical knowledge base to the IT audit function. Owing to the rapid diffusion of computer technologies and the ease of information accessibility, knowledgeable and well-educated IT auditors are needed to ensure that effective IT controls are in place to maintain data integrity and manage access to information. Organizations today operate in a dynamic global multi-enterprise environment with team-oriented collaboration and place very stringent requirements on the telecommunications network. The design of such systems is complex and management can be very difficult. Organizations are critically dependent on the timely flow of accurate information. This means that the products for which IT provides consumer feedback will also be of high quality, rich in information content, and come packaged with a variety of useful services to meet the changing business conditions and competition. This is also a key area in which an IT auditor through his audit reports provides key insights to the top management.
Going forward IT auditors will now have to act as change agents and provider assurance to management on the controls implemented. They will need to have expert knowledge about IT risks and controls, and to be effective, they need to be business-savvy and able to engage with top management and be proactive in initiating IT governance programs.