A well-planned, properly structured audit program is essential to evaluate risk management practices, internal control systems, and compliance with corporate policies concerning IT-related risks at institutions of every size and complexity. Effective audit programs are risk-focused, promote sound IT controls, ensure the timely resolution of audit deficiencies, and inform the board of directors of the effectiveness of risk management practices. The fundamental scope of an audit is the same whether it occurs in an IT or non-IT environment. Companies have become more and more dependent on technology to support almost all aspects of business operations and manage critical information assets.
Continuous changes in technology and legislation create new exposures and requirements on organizations. This environment emphasizes the need for competency and experience in the proper evaluation of risks related to information technology and the adequacy of an organization's technology control posture. Information technology affects the work of auditors and the auditing process. CPAs are implementing information technology into their firms and making technological training a priority for their staff. Auditing has become more efficient and effective through the use of new technology.