Information Technology (IT) Audit
Understanding the ins and outs of constantly changing information technology environments is critical in understanding the roles, responsibilities, and overall success of audit as a function in every organization. A key driver in doing most of the jobs effectively today and achieving greater success tomorrow resides in having baseline knowledge of the IT function and its alignment to business strategy, and knowing how information systems impact the organization.
IT Auditing is a process which collects and evaluates evidence to determine whether information systems and related resources, adequately safeguards assets, maintain data and system integrity, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently and have effective internal controls that provide reasonable assurance that business, operational and control objectives are met.
IT Audit evaluates system processing controls, the overall infrastructure and network, data, system and network security, physical security, systems development procedures, data center operations and facilities, project management procedures, application controls, general controls, contingency planning, and systems requirements in compliance with IT-specific laws, policies and standards.
IT Audit also evaluates and assures the confidentiality, integrity, and availability (CIA) of information within the organization.
♦ Confidentiality: evaluate and assures if the information in the systems be disclosed only to authorized users.
♦ Integrity: evaluate and assures if the information provided by the system always be accurate, reliable and timely.
♦ Availability: evaluate and assures if the organization’s computer systems be available for the business at all times when required.
The IT audit function develops audit programs to assess, evaluate, test controls, make recommendations, and report findings to management and other stakeholders regarding the adequacy of internal controls and security inherent in the Organization's information systems, and the effectiveness of the associated risk management.
To achieve this goal Office of the Federal Auditor General (OFAG) will audit or cause to be audited the Information Technology (IT) Systems, utilization and administration of the offices of the Federal Government and Organizations as per the given specific IT Audit mandates “The Amendment of Proclamation to the Federal Auditor General Re-establishment Proclamation - Proclamation No. 982/2016”.
I would like to express my special gratitude and special thanks to International Centre for Information Systems and Audit (iCISA), Comptroller & Auditor General of India (CAG), Auditor General of South Africa (AGSA), & Organization of English Speaking African Supreme Audit Institutions (AFROSAI-E) for giving us the opportunity to acquire more knowledge concerning IT Audit.
I would like also to give a special thanks to the UK's Department for International Development in Ethiopia (DFID) and Tax, Audit and Transparency (TAUT) Programme, who contributed in our IT Audit Unit establishment.
Thank you.
Name: Yigrem Mengesha Yalew
Position: Director, Information System Service Directorate & IT Audit Unit
Phone: +251 115181278
Email: yigrem.mengesha@ofag.gov.et