Question

In your own words, describe why a Organizational Standard is necessary in order for an IT Auditor to conduct their review of an organization's controls. How do Standards communicate specific ideas/requirements to an Auditor? Limit your response to no more than a page, single-spaced. Be sure to cite your sources used appropriately.

NOTE: In the course of your research, you may come across "Audit Frameworks" (ITAF, IIA, IFAC, etc.). These are NOT the Standards or frameworks we speak about in class. Do not cite these in your work or you will not get this one right!

Answer 1

An IT audit is the process of scrutinizing the management controls within an IT framework. It helps in evaluating whether the information systems within an organization are maintaing the date integrity and opearting effectively in order to achieve the organisational overall objectives.

An organisational standard is necessary in order for an IT Auditor to conduct their review of an organization's controls because standards determine the organisation's overall objectives as well as the specific acivities that must be performed in order to achive those objectives. They lay the foundation and determine what needs to be controlled. Until the standards are defined an IT auditor cannot determine whether the information system is operating effectively within an organisation. Hence it is vital for an auditor to know the organisational standard while conducting the review of an organisation's controls.

Standards play an important role in order to communicate the basic requirements to the auditor. They provide the overall idea about the organisation, its vission, the specfic activities it must perform in order to achieve its goals. Standards are the parameters against which actual performance can be measured. Thus standards assist the auditor in determing whether the organisation is performing effectively in order to achieve its objectives or if there are any deviations.