Components of Information Systems Audit

An information systems audit is composed of nine components. This presentation graphically depicts these components including:

  • Risk Assessment
  • Review of Automated Application-level Controls
  • Review of controls at Operating System, Network and Database level
  • Review of controls at Systems Development Life Cycle (SDLC)
  • Review of Physical Access Controls
  • Review of Business Continuity / Disaster Recovery Management
  • Review of General IT Controls
  • Penetration Testing
  • Pre- and Post-Implementation Reviews for ERP Implementations

The companies may decide to conduct either all of these components or a selection out of them according to their requirements.