Our annual audit play includes specialized information technology audits. The city spends millions of dollars on computers, systems and technologies. To help with performance audits of departments done by our office, we have a technology audit team that help us determine the IT risks to the city. Risk Assessment sets up the inventory of critical IT systems. The inventory is made up of 4 main IT audit categories: IT business processes, business applications, (either existing or under development), IT infrastructure, and IT facilities.
IT audit categories are risk-related using an analysis based on objective technical process maturity score and a judgement based qualitative score. The IT risk assessment methodology is aligned with professional guidance, such as the Institute of Internal Auditors Global Technology Audit Guide on Developing the IT Audit Plan."
As Auditor I would not be doing my job well if our office did not focus on generally accepted IT governance and controls framework. In the age of sabotage and terrorists, we must continue to pay attention to these important IT risks. Check our audit plan on the Auditor's website to read the full details of this important area.