
CHAPTER 1:

Former names of IT Auditing:
• Electronic Data Processing
• Computer Information System
• IS Auditing

Early components of IT auditing were drawn from several areas:
• Traditional Auditing – contributes knowledge of internal control and the overall control philosophy.
• IS Management – provides methodology necessary to achieve successful design and implementation of systems.
• Behavioral Science – provides questions and analysis as to when and why IS are likely to fail because of people problems.
• Computer Science – contributes knowledge about control concepts, discipline, theory and the formal models that underlie the hardware and software design as a basis of maintaining data validity, reliability, and integrity.

IT auditing is an integral part of the audit function because it supports the auditor's judgment on the quality of information processed by computer systems.

Different types of audit needs within IT auditing:
1. Organizational IT Audit
2. Technical IT Audit
3. Application IT Audit
4. Compliance IT Audit
5. Development/Implementation IT Audit

The auditor's primary role is to provide a statement of assurance as to whether adequate and reliable internal controls are in place and are operating in an efficient and effective manner.

COBIT (Control Objectives for Information and Related Technology) – ensures information needed by businesses is provided by technology and required assurance qualities of information are both met.

Colloquium for Information Systems Security Educators (CISSE) – leading proponent for implementing the course of Instruction in Information Security (InfoSec) and Information Assurance in education.

Technology has impacted the three significant areas of business environment:
• What can be done in business in terms of information and as a business enabler
• Its impact on the control process
• Impact in the auditing profession in terms of how audits are performed

Just-In-Time (JIT), Lean Manufacturing, Total Quality Management – flexible manufacturing and improvement programs which enable low cost production.

Modified Barter Exchange System – a common medium of exchange was agreed upon.

Electronic Fund Transfer (EFT) – allows the convenience of paying for goods and services without having to use checks or currency.

Virtual Commerce – involves a new world of electronic cash.

Areas of Concern with E-Commerce:
• Confidentiality
• Integrity
• Nonrepudiation
• Authentication

Sarbanes-Oxley Act of 2002 requires auditor rotation (every 5 years).

Computer Security Act of 1987 – it was drafted due to congressional concerns and public awareness on computer security-related issues and because of disputes on the control of unclassified information.

Privacy Act of 1974 – the purpose of this is to provide certain safeguards to an individual against an invasion of personal privacy.

Electronic Communications Privacy Act – one of the leading early pieces of legislation against violation of private information as applicable to online systems.

The auditor is part of the institutional team that helps create shared governance over the use, application, and assurance over IT within the organization.

Security – the biggest factor for individuals interested in making online purchases by using digital money.
