1. Technical Field
The present disclosure relates to auditing. More specifically, to a system and method for auditing information technology.
2. Description of the Related Art
Today's enterprises rely heavily on information technology (IT) to preserve the integrity of sensitive financial information. IT systems generally establish control mechanisms to control access to sensitive data. However, these control mechanisms require proper configuration. When improperly configured, sensitive information managed by the IT systems may be insecure, Configuration standards may be used to ensure that IT systems are properly configured. When configuration standards are appropriate, sensitive data is made safer.
Even when all configuration standards are appropriate, vulnerabilities existing in the software used by IT systems may compromise the security of sensitive financial information. Vulnerabilities may include software defects that allow for the bypass of established controls.
To ensure that enterprises are doing everything possible to detect and resolve ineffective configuration standards and vulnerabilities, enterprises may seek to have their IT audited. Section 404 of the Sarbanes-Oxley Act of 2002 requires enterprises to demonstrate and document the effectiveness of controls used to protect IT used to support financial reporting. Enterprises may seek to have their IT audited to conform with Sarbanes-Oxley.