Article Directory AndorraFollowing the guidelines/tos submitting UNIQUE and ORIGINAL article/s (never published to other sites/blogs/directories or bookmarked).

Let\’s talk about IT Audit in todays world. What do you know about IT Audit now? Have you ever performed such audits? I have been working for a Big 4 company for almost 5 years and all always I was performing various types of IT Audit. Thus, I think that I have some IT Audit experience.
A lot of of my audits were targeted to financial audits, which is the main operations of my company. However, we had performed separate IT Audits and IT Security Audits for different companies across CIS region.
While doing such small IT audits during work for financial team, you often face such term as IT Risk Assessment. We need to remember about risks in all our work, thus it is nothing to do – but we need to determine how our clients perform IT risk assessments at their systems. That is why we always look at different reports about work performed, talk to different people from IT department – our goal is to confirm that this particular company has dialed with IT risk and no significant impact would arise to the company financial statements. We just need to address any potential risks to our work, as our final report will be very important. It would be not very good, if in future this conclusion will be impacted by exploitation of some risk, which we had missed during our work.
But in order to perform good and quality IT Audit we need to use various IT Audit Tools and techniques. Such tools are different for different environments – for example for Windows environment we would use some tools provided by Microsoft company (e.g. MS Security Base Line Analyzer). And for UNIX environment these tools will be completely different. The same is with databases – one IT Audit tools will be used for Oracle databases and another are required for MS SQL databases. But always while performing IT Audit work you need to use different IT Audit Tools. This will significantly reduce the amount of manual work you need to perform.
Thus, by doing IT Audit assessments, we need to consider the IT Risk Assessment, which may be made by company itself, or we may perform such assessment. We need also to use some IT Audit tools and technics, and develop appropriate report for our analysis. And only after all these tasks are finished, we can start making our IT Audit Report. This is very hard work, as you need to consider all issues which came to your attention during the IT Audit work. You need to combine all these findings, sort them, and conclude on which of them will be reported. As a rule, this is done through classification of findings based on their criticality and impact to the financial statements of the company. You can classify all findings as having Low, Medium or High impact. In most cases we report only Medium and High findings to the executives of the company. And the Low findings are reported only to local IT management in order to address the risk.