IT Audit

What is an IT audit?

The dictionary "Le Petit Robert" defines an audit as "answers to questions formulated to a person capable of hearing and, above all, capable of understanding the answers, then passing them on to others".

The applications of auditing are therefore as numerous as there are business sectors.

More explicitly in the corporate context, the "Larousse" defines it using accounting and management control as an example: "The procedure of ensuring that a company's accounts are complete, sincere and regular, vouching for this to the firm's various interested partners and, more generally, passing judgment on the quality and rigor of its management".

The audit then applies, or can apply, to the company's various activities:

• production ;

• accounting ;

• human resources ;

• quality...

It seems necessary, even obvious, that it also exists for its I.S. (information system), present in all (or almost all) of its businesses and activities:

• its infrastructure ;

• its equipment ;

• its interconnections ;

• its dedicated service...

It can be used to assess performance, safety, relevance...

The need for an IT audit is often felt by the company itself, when it notices a loss of competitiveness, less and less adapted tools, or an increasingly palpable exposure to threats...

On the other hand, it can be ordered by a third party to check :

• the company's production capacity;

• its respect for production quality;

• solvency ;

• its guarantee of secure storage of customer data;

• compliance with laws and regulations...

The audit's conclusions, set out in a report, often lead to radical changes in strategy, organization, management, equipment and so on.

In some cases, the financial consequences can be critical: this is when an IT audit can go far beyond the strictly "IT" scope.