Definition: Audits, as they relate to information systems, refer to comparing actual practices with existing policies and procedures. An audit is an examination of information security processes. Its main purpose is to determine whether a "gap" exists between what the organization or business says it is doing and what is actually being done. Some reviews are measured against specific standards such as ISO 17799 or ISO 27000; COBIT is another. Others are measured against standards that are directly tied to compliance with government requirements (HIPAA, FISMA).

Its Relevance: A review of information systems processes and procedures is only possible when an organization has adopted official policies. If official practices exist, then there must be a review for accountability purposes. Assuring the proper use of information assets is impossible without comparing actual practices with policy.
