An information systems audit is composed of nine components. This presentation graphically depicts these components including:
- Risk Assessment
- Review of Automated Application-level Controls
- Review of controls at Operating System, Network and Database level
- Review of controls at Systems Development Life Cycle (SDLC)
- Review of Physical Access Controls
- Review of Business Continuity / Disaster Recovery Management
- Review of General IT Controls
- Penetration Testing
- Pre- and Post-Implementation Reviews for ERP Implementations
The companies may decide to conduct either all of these components or a selection out of them according to their requirements.