When We Need to Perform Information System Audit

Although various types of audits conducted, the majority of audit emphasis on accounting information systems within an organization and implementation of financial recording and operation of effective and efficient organization. Broadly speaking, the need for the audit in a company that already has expertise in the field of information technology among other things:

A. Losses due to data loss.

Data are processed into an information, an important asset in today's business organizations. Many operating activities rely on some important information. Information of a business organization will be a portrait or picture of the state organization in the past, present and future. If this information is missing will result in potentially fatal for the organization in carrying out its activities.

B. Losses due to computer processing errors.

Computer processing becomes the primary focus in a computer-based information systems. Many organizations have been using computers as a means to improve the quality of their work. Starting from a simple job, such as the calculation of compound interest to the use of computers as an aid in navigating airplanes or missiles. And many of these organizations are interconnected and integrated. It would be very concerned if there is an error in processing on the computer. Losses ranging from mathematical calculations are not trusted to the dependence of human life.

C. Wrong decisions due to misinformation.

The quality of a decision depends on the quality of information presented to decision-making. The accuracy and significance of the data or information depends on the type of decisions to be taken. If top managers will make decisions that are strategic, it may be related to the properties can be tolerated, long-term decisions. But sometimes misleading information will impact decision-making that is misleading as well.

D. Losses due to misuse of computers (Computer abused)

The main themes that drive the development of the systems audit business information within an organization is due to the frequent occurrence of crime computer misuse. Some types of crime and the misuse of computers, among others, is a virus, hacking, direct access is not legal (for example, went into the computer without permission or using a computer terminal and can result in physical damage or retrieve data or computer programs without permission) and or unauthorized access to personal interests (someone who has the authority to use the computer but for the purposes of undue).

• Hacking - a person with an unauthorized access to computer systems that can view, modify, or remove a computer program or data or disrupt the system.
• Viruses - A virus is a computer program that attaches itself and run itself a computer program or computer system on a floppy disk, data or program that aims to disrupt or damage the way a computer program or data in it. The virus was designed with two purposes, firstly to actively replicating itself and both interfere with or damage the operating system, programs or data.

The impact of computer crime and abuse include:

•  Hardware, software, data, facilities, and other supporting documentation is damaged or stolen and misused or modified.
• Confidentiality of data or important information from the person or organization is damaged or stolen or modified.
• Routine operational activities will be disrupted. 
• Computer crime and abuse from time to time increased, and nearly 80% of perpetrators of computer crime is on the inside.

E. Value of hardware, software and personnel information systems.

In an information system, hardware, software, data and personnel is an organizational resource. Some business organizations spend substantial funds to invest in the preparation of an information system, including the development of human resources. So that the necessary controls to maintain an investment in this field.

F. Maintenance of confidentiality of information

Information within a business organization is very diverse, from the data of employees, customers, and other transactions is very risky if not maintained properly. A person can only use the information to be misused. For example, if confidential customer data, can be used by competitors to take advantage of the competition.

At the time computers were first used, many auditors have thought that the audit process will be much changed to conform with the use of computer technology. There are two main points to consider in the audit of electronic data processing, namely the collection of evidence (evidence collection) and evaluation of evidence (evidence evaluation)