An Information Technology (IT) audit, or Information Systems (IS) audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a internal audit, or other form of attestation engagement. They were formerly called "electronic data processing (EDP) audits".
An Information security audit is a systematic, measurable technical assessment of how the organization’s security policy is employed. Provide risk mitigation recommendations consistent with compliance regulations, security industry best practices, client industry best practices, and client business objectives.