ISACA defines information systems auditing as the process which collects and evaluates evidence to determine whether information systems and related resources, adequately safeguards assets, maintain data and system integrity, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently and have effective internal controls that provide reasonable assurance that business, operational and control objectives are met.
For regional SAIs who do not have the capacity to create an information systems audit section and who have not yet performed an information systems audit the Secretariat provides the necessary support and on-the-job training during the audit process to enable the SAI to complete the audit and report on the findings.