An audit is an examination and evaluation, often in regard to financial records or accounts, which are checked for accuracy. A computer audit generally means an audit of a company’s computer networks and related technology and software, as well as the procedures in place with regard to the use of IT resources. It may be undertaken to check the efficiency of the system and turn up any violations. Less often, the term computer audit is used to refer to a tax audit in which a computer is used as a tool to assist the traditional audit process.
The most basic part of a computer audit is an asset management inventory that identifies all the hardware and software holdings and their connections, and helps determine what is owned and what may need to be updated or replaced. The computer audit information will give a more-or-less detailed analysis of each computer’s processor, current operating system, Service Packs, memory, storage, partitions, size, media capabilities — such as a CD/DVD burner — and any attached peripherals, such as keyboards, printers, scanners, external drives, microphones, speakers, etc. A software inventory provides the name, installation date, and version of all software. This is helpful for a standardization review, especially if a standard operating environment is sought.
In a licensing audit, the serial numbers and product keys for software are collected. The appropriate licenses for individual computers and networks are also reviewed. These steps can help to ensure that everything is up-to-date and examine whether the existing licensing choices are still optimal.
Another aspect of a computer audit is a security review. Knowing and having an appropriate record of assets is only the beginning of this process, which might also involve bar-coding or otherwise tagging holdings. Checking firewalls and security software for consistency and effectiveness is also important. This means a review of anti-virus software and anti-malware, as well as checking systems to make sure they’re clean.
Finally, a computer audit may examine IT procedures, looking for ways in which they could be more efficient. Also under analysis may be any possible instances of misappropriation of resources, improper use of resources, or poor matches between equipment and the demands of individual’s job descriptions. The latter could come from a determination that the employee is underserved by the computer setup he or she has, or that there has been unnecessary IT spending, given the real need.