Introduction to IT Audit

Introduction to Information Technology Audit

1. It is an audit associated with auditors who use technical skills and knowledge to audit through the computer system, or provide audit services where processes or data, or both, are embedded in technologies. It focuses on the computer-based aspects of an organization's information system.

2. Technology

3. General Standards (3): PATT, IMA, DPC. Standards of Fieldwork (3): AP, SUIC, SCE. Reporting Standards (4): GAAP, IC-No GAAP, IC-No AD, OFSW.

4. VAPOR Co.: Valuation and allocation; Presentation and disclosure; Rights and obligations; Completeness; Occurrence and Existence.

5. Process for controlling an organization's information technology resources, where these resources are defined to include information and communications systems as well as technology.

6. Provide Direction. Set objectives: IT is aligned with the business. IT enables the business and maximizes the benefits. IT resources are used responsibly. IT-related risks are managed appropriately. Compare. Measure Performance. IT Activities: Increase automation (make the business effective); Decrease cost (make the enterprise efficient); Manage risks (security, reliability and compliance).

7. Database Administration; Data Processing; Systems Development and Maintenance.

8. Authorization from processing; Record-keeping from custody; Divide transaction processing tasks among individuals; Systems Development from Computer Operations; Database Administration from other functions; New systems development from maintenance; Data Library from Operations.

9. IS audit services can be provided externally or internally. The role of the IS internal audit function should be established by an audit charter approved by senior management. If IS audit services are provided by an external firm, the scope and objectives should be documented in a formal contract. In either case, the internal audit function should be INDEPENDENT and report to an audit committee or to the highest management level such as the board of directors.

10. The IS auditor is expected to maintain technical competence through appropriate continuing professional education.

11. Gain an understanding of the business's mission, objectives, purpose and processes, which include information and processing requirements such as availability, integrity, security and business technology, and information confidentiality. Understand changes in the business environment of the auditee.

12. Review prior work papers. Identify stated contents such as policies, standards and required guidelines, procedures and organization structure. Perform a risk analysis to help in designing the audit plan. Set the audit scope and audit objectives. Develop the audit approach or audit strategy. Assign personnel resources to the audit. Address engagement logistics.

13. Special attention should be given to issues in industries that are closely regulated. For example, in several countries Internet service providers (ISPs) are subject to laws regarding confidentiality and service availability.

14. The Information Systems Audit and Control Association (ISACA), founded in 1969, is the largest professional organization of IT auditors. The Certified Information Systems Auditor (CISA) designation is the most highly valued global credential for IT auditors. In addition to CISA, ISACA recently created a new credential, the Certified Information Security Manager (CISM), for non-audit security professionals.

15. Provides guidance on IT governance by providing the structure that links processes, IT resources and information to enterprise strategies and objectives.