Aspects of an Information Systems Audit and the Greatest Challenges Facing IT Auditors

Please prepare a response to the following post:
1) In your own words, discuss the many aspects of an information systems audit including how an audit trail plays a part.
Information Systems (IS) have become the backbone of many organizations, and for this reason, owners, managers, and stockholders need to be confident that their systems are not only protected but also functioning effectively and efficiently. That’s why IT auditing is currently a big part of the overall audit process. The IS audit is a process that collects and evaluates evidence from an organization’s IS and provides feedback and assurances related to data integrity, confidentiality, and availability of the IS.
IT audits touch all elements of an AIS (hardware, software, networks, databases, processes, and people), so financial auditors rely heavily on the work of IT auditors to evaluate how the control procedures within the IS affect the financial statements and business operations to determine the level of detailed testing of balances and transactions they need to perform. Auditors will perform a risk-based approach when performing an IS audit to detect the threats faced by the IS. They will then identify and evaluate the IS controls to determine if they successfully prevent or reduce those threats. If there are threats that are not addressed by the current controls, then the auditor will evaluate those weaknesses and provide recommendations on how to avoid or minimize those risks. An essential part of an IS audit is to audit through the computer, which means that they should follow the audit trail of the system’s internal processes. This approach evaluates the accuracy of the accounting information and assesses the existence and operation of the IS control procedures.
2) What do you think are the greatest challenges facing IT auditors?
I believe that communication is one the greatest challenges faced by IT auditors because they have to deal with employees on many organizational levels. They also need to be able to translate highly technical findings in words that non-IT people like executives or operating managers can relate so that they can understand the vulnerabilities and risks of their information systems and what they mean for their business. Another challenge could arise if they don’t have all the right resources or help required in place because this could cause the audit to get extended or complicate the work of the auditor which will only result in unnecessary expenses and waste of time for both the IT auditor and the business.