The audit profession and audit practices have undergone many changes in parallel with technological developments and have undergone stages up to the point they have reached today. In particular, since the 20th century, standards have been established and legal regulations have been made regarding the supervision and practices in terms of informing investors and protecting community-public interests. At this point, it has become a necessity to include innovations in information technologies in the standards to be created and legal regulations to be made and to take into account the information technology environments during the audits of the organizations.
IT Audit is a proactive measure that allows the implementation of the necessary controls to determine the risks that may occur in the IT systems of institutions and organizations and the services offered by these systems, to determine the risk actions to be taken and not to repeat them.
Some of the important topics that are considered during the audit are as follows;
- - Are user accesses and authorizations controlled?
- - Is information consistent, accessible, and kept confidential?
- - Are procedures and guidelines adequate for how things should be done and are they used throughout the organization?
- - What kind of measures are taken against attacks and threats?
- - Is the user awareness level sufficient?
While UITSEC consultants provide the necessary controls over the processes, deficiencies in the structures built by institutions and organizations are reported after being detected quickly and accurately