What is an Audit?
An audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Auditing means asking the auditee what he does, and checking to see if he does it.
Types of Audit
- First Party or Internal Audit: The organization audits its own systems.
- Second Party or External Audit: A customer audits the organization.
- Third Party or External Audit: The organization is audited by an independent organization.
Actors in audit
- Audit Client: Organization or person requesting the audit.
- Auditee: Audited Organization.
- Audit Team: One or more auditors conducting an audit, supported if needed by technical experts.
- Technical Expert: Person who provides specific knowledge or expertise to the audit team.
- Auditor: Competent person conducting the audit.
- Observer: Individual who accompanies the audit team but does not act as an auditor.
Auditing Principles
- Integrity
- Fair Representation
- Due Professional Care
- Confidentiality
- Independence
- Evidence-based approach
- Risk-based approach
