Information Technology-Specific Audits
Information Technology (IT) audits are conducted in accordance with generally-accepted IS audit standards and guidelines to ensure that the University's information technology and business systems are adequately controlled, monitored, and assessed.
A common baseline for evaluation of Information Technology operations is a review of IT General Controls (ITGC). ITGC's are measures in place that apply to all components, processes, and data within an organization's environment.
These controls assist in providing for the confidentiality, availability, and integrity of organizational systems, processes, and information, irrespective of specific hardware, software, or business process utilized.
Resources For Information Security Managers and Administrators:
The Office of Internal Audit offers area-specific guidelines, which provide more detail as to controls typically addressed during an IT General Controls review.
Areas covered by ITGC's typically include:
- Logical Access
- System Development and Change Management
- Physical Access
- IT Operations
- Outsourced IT Operations/Vendor Management
Please click on the hyper-linked areas above, to obtain more detailed control information.
These guides do not presume to detail all controls that could be addressed as part of an Information Technology audit. They do, however, provide the Unit ISM/ISA with a strong control baseline. This baseline, when effectively implemented, can help increase assurance regarding the confidentiality, integrity, and availability of systems and data.
For further guidance, or questions, please contact our IT Audit Staff:
Jeff Capehart, CISA
IT Audit Manager
Phone: (352) 273-1882