Why is IS Audit necessary?

There is an increasing need for USERS of IT services to be assured; through accreditation and audit of IT services provided by internal or third parties, that adequate security and control exists. This is in efforts to minimize risks and its potential to harm the integrity and accuracy of data and decisions based on such data.

To provide assurance and control over the IT performance management system.

Today, management is being required to optimize the use of available resources, including data, application systems, technology, facilities and people. To discharge these responsibilities and to achieve the enterprise’s objectives, management needs to understand the status of its IT systems and decide what security and controls it should provide.

Increasingly, the auditor has become a change agent, influencing and advising management to adopt good practice for control and governance over IT.

To provide independent assurance on IT value delivery and risk mitigation.