Businesses today rely on their computer systems to manage the corporation and, in turn,rely on a Certified Information Systems Auditor to make sure the systems are performing the way they should be. Computers not only allow communication and interface between the components of corporation, but they store and safeguard valuable information from corruption and unlawful access. In order to do this, they must be operating at maximum efficiency.
What is an Information Systems Audit?
You may be familiar with a financial audit, in which the auditor examines the monetary aspects of a corporation to ensure it is operating efficiently and within the law. Information system audits are different. The financial auditor is measuring the financial systems according to accepted standards. Information systems auditing looks at the functioning of a computing system according to what is purposed for. If that is as clear as a mud puddle, it might be helpful to understand what an audit entails. According to a Wikipedia article, the audit must be performed by an independent agent to make sure it is unbiased. That makes sense; if a bank’s books are “cooked,” you don’t want the “chef” doing the audit. If an information system is lacking in areas, you don’t want its operators or designers auditing its functions. It isn’t that they might falsify information; it is only that the audit is more reliable when it is done by an outsider. The financial auditor has a set of laws and requirements that a business must meet in its handling of money. The IT auditor understands how a computer system must perform to meet its purposes. The IT auditor looks at the system controls to see how well it is storing and protecting data. The audit answers the questions of whether the system is available 24/7, whether data is released only to authorized users, whether the data is protected from corruption and if it is timely and accurate. Controls are divided into three areas: protective or preventative, detective and reactive; these protocols protect the system, search for problems and self-heal “wounds.”
Why are Audits Important?
Business is no longer only local. Merchants and service providers find their clients in a global market. Corporations are inter-related through the Internet; there are connections between corporations and their suppliers, between businesses and their clients and between businesses and their competitors. In other words, a “glitch” in the system affects many different people.
Who are the Auditors?
quotes the book Information Systems Control and Audit. “To be a good auditor, you have to be better at business than your client.” These professionals are knowledgeable and skilled independent computer experts. Most have master’s degrees in computer-related fields. In addition, they are certified, usually by ISCSA. Certification by the Information Systems Audit and Control Association involves passing an examination, having a year of information systems experience, recognizing and operating by a code of ethics and standards of audit and maintaining continuing education hours. A Certified Information Systems Auditor is a valued asset to a corporation. Salaries range from $83,677 to $106,906.
The old adage that the world is getting smaller every day is certainly true in business. Companies no longer compete only with the business down the street, but with the business on a street in London or New Delhi. The information systems that keep them relevant must stay “healthy” to keep the global business body “healthy.” That is why the service performed by a Certified Information Systems Auditor is vital to the economy.