This is an audit whose object is the information system of an organization such as an enterprise or a local government. A third party who is independent of those involved with the system inspects and evaluates, from an objective standpoint, how the information system is developed, operated, and used, and reports the findings to the responsible authority (usually top management).
As management and business processes in enterprises become more dependent on IT, assuring the reliability, safety, and performance of information systems has grown in importance. At the same time, developing and managing information systems requires a high level of expert knowledge, so it is not easy for stakeholders (enterprise managers, end users, and so on) other than the parties directly involved (such as the information systems department) to judge whether reliability, safety, and performance are adequate or to grasp how the system is being managed.
An EDP audit, then, is one in which an auditor who is independent of the parties involved and has sufficient knowledge of information systems collects and evaluates evidence against a fixed standard (such as an EDP audit standard) and reports the actual condition, risks, and so on of the information system to the stakeholders.
The object of an EDP audit is not limited to the computer and the system itself. It includes the whole life cycle of the information system (planning, development, operation, maintenance, and use), and a wide range of things can become audit objects, such as the management structure of the information systems department, internal control, and the content of the business activities that use the computer. The audit may be carried out by an audit department inside the enterprise (internal audit) or by an EDP audit firm outside it (external audit). Which areas are actually audited, and whether by internal or external audit, depends on the purpose and theme of the audit.
An EDP audit is in itself a voluntary audit, but when it is carried out as part of another audit, such as an auditor audit (business operations audit) or an information security audit (for example, where information security measures are obligatory), it takes on the character of a statutory or compulsory audit.
Early EDP audits were mainly aimed at assuring the authenticity of accounting data inside accounting systems, but the stable operation of systems became a major theme in the 1980s. In the 1990s, compliance, security, and similar issues became topics, and it is said that perspectives such as verification of IT strategy, IT risk management, quality control, protection of information assets, and social responsibility (CSR) have recently been introduced.