The IT Law Wiki
The IT Law Wiki

Definitions[]

General[]

An audit is

a detailed examination conducted by people external to the business unit to assess controls, measure performance and compliance, identify gaps, and make recommendations.[1]
[an i]ndependent review and examination of records and activities to assess the adequacy of system controls and ensure compliance with established policies and operational procedures.[2]

Security[]

An audit is an

[i]ndependent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies or procedures.[3]

U.S. copyright law[]

An audit is

a royalty compliance examination to verify the accuracy of royalty payments, or the conduct of such an examination, as applicable.[4]

Overview[]

Most common forms of audits are compliance, operational, or vulnerability. An audit may be carried out by internal or external groups.

Integrated, dynamic auditing systems not only record information, but also act to restrict use or to alert security personnel when possible safeguard violations occur — not just violations from intruders but also from insiders. One feature might alert security personnel if users are accessing certain files after hours or if a user (or possible intruder) repeatedly but unsuccessfully attempts to access a certain computer]. The security officer might then closely monitor the user actions to determine what further actions should be taken (simply denying access might alert an intruder to use a more reliable or more covert method, confounding the security staff). Some sophisticated systems use expert systems that "learn" users' behavior.

Contract clause[]

An audit clause

gives the data owner the ability to perform physical audits of the vendor's data storage facility and related controls. These clauses also might outline the vendor's responsibility for having a third-party test of the vendor's controls.[5]

References[]

See also[]