The best audits are now risk-based. That is, instead of going down a punch list of questions and assigning equal weight to every issue, the auditor attempts to understand the specific risks that are most likely to endanger a business and to concentrate his/her efforts in those areas. Of course, there are always definite areas of inquiry that must be covered within an information systems audit, but not every audit exception poses an equal danger to the enterprise. By using the risk-based method, the greatest effort is applied to the areas of greatest risk.
Because of the importance of an information systems audit, it is imperative that the right individual or firm be selected to perform this essential task. With over 47,000 members in 140 countries, the Information Systems Audit and Control Association (ISACA®) has become the globally accepted standard of achievement among information systems audit, control, and security professionals. This organization awards the CISA (Certified Information Systems Auditor) certification to individuals who meet a number of stringent requirements including:
UNDERWOOD & ASSOCIATES, INC © 1983-2010