strategies, plans, and procedures dictated organizations seeking certifications for

by the organization itself - the staff are process or service quality, maturity, etc.
familiar with the system used. must undergo certification audits by
independent auditors.
driven by organizational requirements : IT governance,
risk management, or quality assurance.
may represent based on the
many different knowledge nature of their business
areas, skills, and capabilities. Internal auditor operations or the industries
in which they participate.

Why audit?
often work as employees of Internal Audit auditors need to be proficient
the
organizations they audit.
Who gets audited? insistence on auditor
independence
Administrative
Internal Controls
. IT audit characteristics
TYPE
Technical

Physical the substance of auditing activities,

as the controls are the items that
Preventive
are examined, tested, analyzed, or IT Audit Fundamental formal inspection and :
verification to check whether
PURPOSE
otherwise evaluated a standard is followed,
Detective records accurate, etc comprises a wide
range of standards,
Corrective requirements, and
What is IT audit? other
Performed by audit criteria
auditors and entities External Audit Data center/hosting facilities corresponding to
outside the processes, systems,
organization technologies, or entire
may be performed by Applications organizations
a single person or a What to audit? subject to IT audits.
team according to Interfaces
the complexity
Databases
External Auditor
driven by a need or desire to demonstrate Network infrastructure
follow procedures compliance with externally imposed Storage
and apply criteria that should be standards, regulations, or requirements
available applicable to the type of organization,
industry, or operating environment.