Introduction
The modern world is characterized by the era of advanced information technology. Computer technology in the contemporary world has become essentially sophisticated, creating a need for every organization and various government departments to embrace computerized information systems in a bid to enhance their operations and processes. With such developments and progress, the reliability of computerized data and the systems that process, maintain and report these data have increasingly become a major concern hence putting the need for an audit. Information Technology (IT) auditors normally evaluate the reliability of computer-generated data which support financial statements and also analyze the specific programs and their eventual outcome. In addition, the IT auditors have a role to scrutinize the sufficiency of controls in information systems and the related operational activities to ensure system success.
Information Technology (IT) Audit which has become essential in many organizations can be said to be the “process that involves the collection and evaluation of data, facts, and information to establish whether a computer system has been designed to maintain data integrity, safeguard assets, allow organizational goals to be achieved effectively and uses resources more efficiently”. In IT, and specifically auditing, data integrity is used to refer to the state of correctness and completeness of the information, data, and other relevant facts as well as their validity by the norms specified either by the organization or relevant auditing body. In most cases to realize success with the IT auditing, one needs a functional and an effective IT system that “should lead the organization into achieving its set objectives, and at the same time any efficient IT system should use minimum resources to achieve the required objectives.” When carrying out their work, IT auditors should be concerned in understanding the individual behaviors of the users of the IS and the mode of making decisions in a bid to ensure or ascertain that the system in use is effective.
Carrying out an IT Audit
Many organizations continue to experience difficulties, especially ones requiring decision-making while carrying out an IT audit. When this confusion persists, it always affects the audit approach system adopted. Therefore, to carry out the audit, three key steps in decision-making are necessary, which are: evaluation of decision; decision on the timing of audit procedure, and decision on the application system selection. Evaluation decision has been regarded as the most difficult one for IT auditors and in many cases to be successful, the decision needs to be made at the end of the preliminary review phase, at the end of substantive testing phase, compliance testing phase, and lastly at the review phase. Throughout this process, the system should satisfactorily safeguard assets, maintain data integrity and achieve system efficiency and effectiveness.
The role of Information Technology Audit
IT control and audit have become very critical in many organizations especially in situations that involve the integrity of information systems (IS) and the “reporting of organizational finances to avoid and hopefully prevent future financial fiascos.” Basically, IT audits reports have provided adequate and appropriate controls for the organization. Furthermore, there are various types of IT audits each of which is undertaken to fulfill the organizational set objectives.
Why Information Technology Audit Annoys
In the contemporary world, there are many stories related to computer-related errors, thefts, burglaries, fires, and sabotage. However, much effort has been directed to reduce the occurrences of these but it has been inadequate. The organizations with weak computer security and lack of internal controls are the ones that have been seriously affected by these vices. In addition, Senft and Gallegos state that, “the advancements in network environments technologies have resulted in bringing to the forefront issues of security and privacy” which have become central in information technology.
Of great concern in IT, the audit has been the unethical role played by the auditors, for example, some sensitive data and information for the client that is supposed to be kept secret and confidential have been intentionally or ‘erroneously’ been disclosed by the auditors and this has caused great damages to the client involved. From this, most IT auditors have participated in breaching and violating the confidentiality of their clients. The auditor’s duties require the exercise of uncertainty to a high degree. The client-supplied information needs to be thoroughly checked and verified, whereby audit procedures, tests, and sampling techniques should aim at finding errors and their possible causes. With this huge role to undertake, most IT auditors’ bypass these, and the impacts have been detrimental to the clients.
The legal duty and requirement for the auditor to report and disclose opinions to external parties erodes client secrecy and privacy. This has the potential danger of exposing the sensitive information of the client to underserved parties or sources and may result in permanent damages to the client. Furthermore, IT auditors have largely not benefited from the legal privileges and in many cases, they are forced to provide documents and other materials or appear as witnesses in response to the lawful complaint. In such scenarios when giving evidence the auditors have no right to behave as client advocates and the disclosures that they make become compulsory violations of client confidences. In other selected cases some IT auditors’ have participated in ‘selling’ and divulging IT secrets from the audit of one company to another which normally gives exposes the company secrets to competitors. [13] Health Insurance Portability and Accountability Act of 1996 (HIPAA) which are the laws and other ethical issues when performing an audit and aims to ensure the protection of patient health-care information in the electronic form have had an impact on the work of IT auditors’. This legal requirement has largely influenced and sometimes conflicted with the auditors’ work. Many IT auditors’ work has been ‘paralyzed’ by the legal ‘potholes’ and confusion posed by this Act especially by the company policy and the objectives of the audit work.
Conclusion
IT auditing has become a necessary and important duty in many organizations. Despite the positive work it continues to perform, the exercise has resulted in many malpractices that have been done by the auditors. This has in turn affected clients concerned negatively. The legal policy on the other hand has continued to be inadequate and limited in addressing the various ethical issues raised.
Bibliography
Hoffman, Michael. The ethics of accounting and finance: trust, responsibility and control. CT: Greenwood Publishing Group, 1996.
IT Monograph Series. Information Technology Audit, N.d. Web.
Northcutt, Stephen. IT ethics handbook: right and wrong for IT professionals. MA: Elsevier, 2004.
Pathak, Jagdish. Information technology auditing: an evolving agenda. NY: Springer, 2005.
Senft, Sandra and Gallegos, Fredrick. Information Technology Control and Audit. PA: CRC Press, 2008.
Shim, Jae. Information systems and technology for the non-information systems executive: an integrated resource management guide for the 21st century. PA: CRC Press, 2000.