In every organisation management, it is the senior which responsible for the initiation and management of the information security process, including IS.
The IS audit checks the effectiveness of the security of the formation security in the organisation. It also checks the appropriateness and implementation of the organisation’s security concept. In IS Audit security strategy and the implementations of technical, organisational, and personal safeguards are examined.
Audit of Information Technology (IT) is done to acheive following twin objectives:
1. To Assess the Information Services Divisions (ISD) management control framework to ensure that the IT function is efficiently and effectively managed.
2. To Review, examine, and assess the effectiveness of all ISD lines of services, IT operational activities, technological functions, and main processes.