© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart
47 of 151
INFORMATION SYSTEMS AUDITS
The purpose of an information systems audit is to review and evaluate the internal controls that protect the system.
When performing an information system audit, auditors should ascertain that the following objectives are met:
Security provisions protect computer equipment, programs, communications, and data from unauthorized access, modification, or destruction.
Program development and acquisition are performed in accordance with management’s general and specific authorization.
Program modifications have management’s authorization and approval.