Audit Standards
With the massive expansion of the use of Information Technology among all business sectors and other organizations, it is hard to ensure that the information system produced adheres to standards. An information technology audit is needed specially on the aspects of policies and process documentations, physical and logical security of the system, monitoring and disaster recovery of the information system to ensure that it meets the both organizational needs and the audit standards set by several standards organizations such as the International Organization Standards and the Information Systems Audit and Control Association (ISACA).
Of the different types of IT audit done by organizations, the most commonly used which appears to be the most useful is the technological position audit. In this type of audit, the audit team reviews what the organization currently have in terms of technologies based on what currently in the market. Basically, it tries to look at current position of the organization in terms of technology innovation and what it needs to add in order to be a more efficient organization. Usually results are seen as "base", "key", "pacing" or "emerging" (Goodman and Lawless, 1994).
With the increasing number of organization relying on computers for their daily operations, the current auditing standards should now include objective measures to help the auditing team identify if a specific organizations information system usage is compliant to set standards. It will be hard to create an audit standard that is non-industry specific because auditors will be hard-up since different industries have different IT needs which could be evaluated separately from the needs of another industry. Although there are common grounds in which IT is utilized across industries, almost half of these companies usage of IT is specific to their industry. For example, a bank has separate IT needs compared to a weather forecasting company, so it will be very difficult to create general, non-industry specific auditing standards.
References
Goodman, Richard and Lawless, Michael W. (1994). Technology and strategy: conceptual models and diagnostics. Retrieved from http://books.google.com.ph/books/about/Technology_and_strategy.html?id=GIRdX9hIL1EC&redir_esc=y
ISACA (2011). IT Standards, Guidelines, and Tools and Techniques for Audit and Assuranceand Control Professionals Retrieved from http://www.isaca.org/Knowledge-Center/Standards/Documents/ALL-IT-Standards-Guidelines-and-Tools.pdf
