The function of an information systems audit is to review management controls applicable to the security, integrity, reliability, and the effective utilization of County Information Technology resources. There are five different types of audits performed by Information Systems Audit. These include application, development, computer operations, management, and technology.
The purpose of an application review is to ensure that controls exist to provide a reasonable assurance that transactions are complete, valid, and recorded accurately and in a timely manner. To do this, the auditor reviews application input controls, processing controls, output controls, and access controls.
The purpose of a development review is to participate in projects prior to and during implementation to ensure that adequate controls and security are built into the system, and concerns are addressed before the system is completed.
An operations audit is concerned with information systems operations environment that relates to all applications. This is done to assess the overall control environment, since a general control weakness may affect all applications.
A management audit concentrates on the information systems organization and their management practices, which may affect all applications. This is also done to assess the overall control environment.
The purpose of a technology audit is to review a specific technology used by information systems that may be used by several applications. This helps assess the overall control environment for applications.