INFORMATION SYSTEMS AUDIT-RISK-ORIENTED APPROACH

Task. The article considers the rules of audit of business information systems, based on the methodology of the international standard COBIT in the conditions of formation of the information society of its Russian segment. The features of the risk-based approach in the transition to universal digitalization are assessed, and the main directions of development of this approach are identified. The problem is that the methodology of COBIT does not disclose the essence and algorithms of this approach and allows its application individually in each specific audit of the information system of any business. Research has shown that in order to manage effectively, it is necessary to get a proper understanding of what to manage. Therefore, the auditor first needs to identify potential problems and factors that may affect the management process and outcome. Model. The article studies modern approaches build a model of auditor risk assessment where the audit criteria are based on risk assessment, allowing to combine the power of modern management techniques and professional knowledge of the auditor. Summary. The conclusion is made that performing audit of the it project to the auditor, it is necessary to consider that the specified project is carried out against constant applied research. Development of prototypes, testing of hypotheses, creation of MVP all this is necessary to receive at an output a product which will work effectively and bring profit. However, any research process entails risks associated with uncertainty and unpredictability. Practical importance. The practical significance of the article is that the conclusions and proposals are aimed at real optimization of modern audit of business in General and audit of information systems in particular. Originality. The study conducted by the authors revealed that the research nature of modern audit is associated with the fact that modern users of its services are spoiled by the diversity that the market of consulting services offers them. They are used to the fact that digital products and services are available here and now, easy to use and secure. In addition, the perception of digital products is influenced by globalization. Technologies that have existed for two or three years and have been successfully used more than once may lose the interest of consumers against the background of new solutions. And such speed changes mean there is always a risk of being late. In such a competition, a misjudgment of the market situation, a delay in market release, or deficiencies affecting quality can be detrimental to the product. The approach proposed in the article to the audit of information systems allows to exclude these difficulties arising from it consumers.

audit, information systems, it technologies, business risk, it risk, risk analysis model, countermeasures