An information technology audit is an examination of the checks and balances, or controls, within an information technology (IT) group. An IT audit collects and evaluates "evidence" of an organization's information systems, practices, and operations. The evaluation of this evidence determines if the information systems are safeguarding the infomation assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization's business goals or objectives.
The primary functions of an IT audit are to evaluate the systems that are in place to guard an organization's information. Specifically, information technology audits are used to evaluate the organization's ability to protect its information assets and to properly dispense information to authorized parties. The IT audit aims to evaluate the following:
- Will the organization's computer systems be available for the business at all times when required? (known as availability)
- Will the information in the systems be disclosed only to authorized users? (known as security and confidentiality)
- Will the information provided by the system always be accurate, reliable, and timely? (measures the integrity)
In this way, the audit hopes to assess the risk to the company's valuable asset (its information) and establish methods of minimizing those risks.