How to Efficiently Conduct an IT Audit – In the Perspective of Research, Consulting and Teaching
Gabriel Felley, Rolf Dornberger
This article reflects on the topic of IT audit (information technology audit) with respect to research, consulting and teaching. The expression ‘IT audit’ comprises information systems audits as well as information security audits, combining the short-term to long-term management of the IT infrastructure with its daily operation in order to achieve the organization's objectives. No single common standard procedure works for every IT audit.
However, standard procedures for IT audits, e.g. ISO 27001, are available, which must be specifically adapted and customized to fulfil a company’s needs. This task requires experts. Thus, students of all Information Systems Bachelor or Master programs are trained to work in IT audit projects or even to lead them. This paper presents a case study concerning the IT audit of organizations acting in the Swiss social insurance environment. The derived concepts are discussed. A best practice for the transfer of knowledge to students, in terms of connecting research and consulting, is proposed and discussed.