The effectiveness of an information system’s controls is evaluated through an information systems audit. An audit aims to establish whether information systems are safeguarding corporate assets, maintaining the integrity of stored and communicated data, supporting corporate objectives effectively, and operating efficiently. It is a part of a more general financial audit that verifies an organization’s accounting records and financial statements. Information systems are designed so that every financial transaction can be traced. In other words, an audit trail must exist that can establish where each transaction originated and how it was processed. Aside from financial audits, operational audits are used to evaluate the effectiveness and efficiency of information systems operations, and technological audits verify that information technologies are appropriately chosen, configured, and implemented.

Goal of Information System Audit:

• Systematize and integrate business procedures and the coverage of business information in the information system
• Identify risks and weaknesses
• Reduce IT-related costs, as they represent a significant proportion of the organization's total cost
• Assess ERP system
• Align IT assessment and IT strategy

Key areas:

• Security and Privacy (like Biometrics and identity management)
• Data
• Technology risk management
• Fraud risk management
• Payment risk management
• Project risk management, Test management, Implementation of tests
• Contracts Risk Management