Süleyman Erdem / Anadolu Group IT Audit Specialist

Information Technologies are evolving, IT audit is adding value

Institute of Internal Auditors (IIA) performs an intense study on expanding the awareness about auditing on each May. I would like to share my experiences about the profession of “Information Technologies Audit” on the “Internal Audit Awareness Month”.

If you are not a personnel of an Information Technologies Department and listening to a conversation such as “before running the patch, we should take the back-up to our server or maybe we should take it to a virtual server at night es are being passed, then we can check the confugiration”. That means you are having a difficulty on understanding a different terminology.

So, what are these IT personnel doing, what are they talking about? What is the value that they add to our work and to the company? To sum up this conversation; in an attempt to serve business units a safe and more contemporary tehcnologic environmet, they are discussing the update of an application that we use in our work. On the other side, they are trying to find out a way of saving the customer database and accounting records while the update is being run. The word ‘night’ in the conversation means that the update will be operated in a time on when the transactions are executed at a minimum level, probably towards morning. Yes, these IT personnel, talking in a different terminology, are trying to produce a value for us.

To simplify the issue evenmore; in early days, we were executing the transactions by using papers and keeping the documents in paper cabinets. On those days, auditors were checking if the documents are fully complete and signed. Even when these cabinets are opened, the opening activity was being recorded with the informaiton of who opened it. Auditors were checking these records if an unauthorized personnel has opened the cabinets or not. If there was an unauthorized opening, they would warn us and report this.

Nowadays, papers are replaced with office programmes, database is used instead of cabinets, applications are put into the position of papers that the opening & closing records are being written.

When we compare the old with the new, some questions appear. Are these records kept in a secure place? Who has the authorization to reach these records? Is there any unauthorized access? Could the access records be deleted? Are we running the operations in accordance with the law related to IT?

As for these kind of cases, there should be some controls automatically working or controls that are being runned manually by IT department personnel. It is crucial that there should be someone who is searching if these controls are efficient and effective and informing the related parties about this. Pesonnel responsible for this, are generally called ‘IT Auditors’.

So as to answer the questions like mentinoed above, IT Auditors evaluate the applications, IT infrastructure and business processes via some control methods. They make suggestions to carry the organization a step further with lower costs, in a secure way and in accordance with the regulations.

This profession area of auditing was formed when auditors and you asked yourself some questions (just as mentioned above) under the technological evolving in the world. In 1978, an institution called ISACA (Information Systems Audit and Control Association), that is aiming to gather the members of ‘IT Audit and Control’ profession, has been established. The greatness of this organization with 140.000 members shows that, while the information systems and the use of it’s technologies are being used, this area of audit will gain more importance. Who knows, maybe on the coming years, systems will check accuracy and trueness of accounting records and auditors will only check if the system operates safely and effectively.

Write a Reply or Comment

Your email address will not be published. Required fields are marked *