Information Systems (IS) has become one of the most important factors in the developing business world. In this process, it has become important to identify and control the risks that may arise from information technologies as well as to use Information Systems resources effectively and efficiently. Today, the internal audit functions of institutions and regulatory agencies are also aware of this requirement and are developing actions in this regard.
On the other hand, due to the fact that Information Systems have their own technical expertise requirements and are structurally different from their business processes, internal audit specialists who are not specialized in this field acquire knowledge about basic IS concepts and audit approach before starting such an audit work, and their experience in control approach gained during internal audits in the field of IS, need to see how he can use it.
Information Systems managers, on the other hand, want to learn about the risks that may arise from Information Systems, whether they are subject to an audit or not, to learn the controls to be created in order to eliminate these risks, and to see the best practices accepted in the world. Information Systems managers, who are audited in this field, want to become aware of the approach they will encounter before the audit and the areas that they need to improve themselves and prepare for the audit.