Information Technology Auditing Essay

Cheap Custom Writing Service

Information  technology (IT) auditing collects and evaluates data pertaining to an IT infrastructure. An IT audit may augment a financial audit, but it is specifically designed to test the IT infrastructure‘s  accuracy, efficiency, and security. Though around since the 1960s, IT audits have become especially important in the 21st century, when so much of a business’s activity is conducted  or assisted electronically.

The first IT audits were necessitated  by the use of electronics  in accounting  systems. Early computers did little more  than  that—compute—and the  combination  of their  expense  with their  extraordinarily narrow  focus of applications  meant  that  they were adopted slowly. Though General Electric used a computerized  accounting  system in 1954, computer  use was a highly specialized skill, and early input methods (such as punch cards or paper tape) were tedious to error-check.

With  the development  of specialized office computers  in the 1960s and the shift toward developing computers  for people who did not work on them for a living, larger businesses began to integrate computers into some of their accounting  procedures,  especially data storage (such as to keep track of inventory or reservations) and handling large amounts  of complicated information.  The first IT audits were therefore electronic data processing (EDP) audits, double-checking the accuracy of the software systems in use at a business and the data entered  into and derived from them.

This led to the development of specialized accounting  software,  and  in  1968  the  American  Institute of  Certified   Public   Accountants    helped   formalize EDP audits, keeping them  at the rigorous  standards  employed  by financial audits.  The Electronic Data Processing Auditors  Association (EDPAA) was formed shortly thereafter, for the growing number of accountants who specialized in EDP audits. EDPAA has since (in 1994) changed its named  to the Information  Systems Audit and Control  Association, and publishes  CobiT—Control  Objectives  for  Information and related Technology, the widely accepted list of standards and objectives in IT audits.

IT  auditing  became  especially prioritized  in  the aftermath of the Equity Funding Corporation of America scandal  of 1973, when  former  EFCA employee Ronald  Secrist  and  analyst  Ray Dirks reported  that the Los Angeles company—which sold mutual  funds and life insurance—was guilty of widespread and organized accounting  fraud. At least 100 employees since 1964 had been guilty of deceiving investors  and the government, and that deceit included a computer  system  devoted  to the forgery of insurance  policies for fictitious policyholders. Determining  the extent of the fraud, of course, meant auditing the computer  system, as well as all others in use by the company—a process that took over two years. Similarly, in the wake of the 21st-century accounting scandals, the Sarbanes-Oxley Act of 2002 was passed, establishing stricter standards for public company boards and public accounting firms—with a greater emphasis on IT audits.

There are five categories of IT audits:

  • Systems and Applications audits test the input, output, and processing at all levels of the company’s systems and applications.
  • Information Processing Facilities audits test the control  of the processing facility under  normal and disruptive conditions.
  • Systems Development audits  examine  the systems under development to make sure that they meet the company’s objectives and standards.
  • Management of IT and Enterprise Architecture audits examine the organizational structure  and procedures in use.
  • Client/Server, Telecommunications, Intranets, and Extranets audits focus on networking issues, an area where there  is particular  concern  with staying current  in security protocols.

Information  technology changes rapidly, as does its position in the process of doing business. IT auditors, though they may be CPAs, are generally more versed in information  systems, with a general understanding of accounting principles, because the accounting component of their job is the more static ingredient in the mix, while the  ramifications,  security  concerns,  and potential for misuse of technology are always in flux.


  1. Christian Lahti, Roderick Peterson, and Steve Lanza,  Sarbanes-Oxley  Compliance  Using  CobiT and Open Source Tools (Syngress, 2005);
  2. Xenia Ley Parker, Information Technology Audits (CCH, 2008);
  3. Hugh Taylor, The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You (Wiley, 2006).

This example Information Technology Auditing Essay is published for educational and informational purposes only. If you need a custom essay or research paper on this topic please use our writing services. offers reliable custom essay writing services that can help you to receive high grades and impress your professors with the quality of each essay or research paper you hand in.

See also:


Always on-time


100% Confidentiality
Special offer! Get discount 10% for the first order. Promo code: cd1a428655