1. What is Information systems Audit?Information systems audit is an exam about the controls within an information system. The information is the most important asset of a company; in this way it is necessary that the company guarantees the security of the information. Companies need information to achieve their goals,They must implement controls to ensure the availability of information when this is required, the integrity and confidentiality of information. Including a process of information systems audit as part of the model of process of the organization is important to know the level of the information security is there in the company and how to improve it. How to plan a system auditWhen you are planning a system audit, you need first to know the process that is supported for the system.It is achieved through the study of the results ofprior audit work performed, the documentation and the internal and externalregulations among other things. When you know the process, you can design the audit plan. For knowing the process, it is necessary to identify its components. Some of them are: Objectives: To know what are the objectives of the process and what are the risks that could significantly affect these goals. Activities: It is the knowledge by the internal auditor about each of theactivities that comprise the process and the information that is produced when each activity is realized.Controls: It should be identified the existing controls to prevent the occurrence or impact of risks. Measurement Factors: It should identify and acquire knowledge of keyperformance indicators and management, which can measure the achievement, efficiency in use of resourcesand the compliance of the objectives.
2. Information Systems: It needs to identify and understand the information systems that support the process to be audited.Roles and Responsibilities: You must know the roles and responsibilitiesassigned to the workers involved in the development of the process to be audited.