An extensive Information Technology (IT) Audit examines these four key areas:

1. IT Governance and Risk Management (Board Level)


2. Cybersecurity comprising the following Cyber Essentials Controls:

(i) Firewall & Internet Gateway, (ii) Secure Configuration, (iii) Access Control, (iv) Malware Protection, (v) Patch Management


3. IT Operations and Service Delivery

(i) Hardware Audit, (ii) Website Audit, (iii) Email Audit, (iv) Data Storage Audit, (v) Cloud Audit, [vi] Active Directory Audit, (vii) Business Continuity & Disaster Recovery Plan, (viii) Service Level Management, (ix) IT Finance


4. Accounting IT Controls

An information technology audit conducted as part of a financial statement audit primarily focuses on specific aspects of IT General Controls (ITGC), particularly those governing access to accounting data and programs, segregation of duties, data backup procedures, and change management controls within the financial reporting system. These controls are essential to ensure that the organization records and produces financial information that is reliable, timely, relevant, and complete.  

Key objectives of IT audit performed in connection with financial statement audit:

- Ascertain that ERP and financial reporting systems are adequately protected

- Evaluate the risk of data tampering and data loss

- Evaluate the reliability of data from ERP and financial reporting systems having an impact on the financial statements

- Evaluate the effectiveness of IT controls to ensure the ERP and financial reporting systems are functioning as intended

- Ascertain compliance with applicable laws, policies and standards

IT General Controls (ITGC) are controls that relate to the environment supporting IT Applications. The appropriateness and effectiveness of ITGC’s therefore impacts on all the organization’s IT applications. Strong general and application controls are required so that organizations know they can rely on the information produced by IT systems to build trust with investors and other stakeholders.