Information systems are the lifeblood of any large business. As in years past, computer systems do not merely record business transactions, but actually drive the key business processes of the enterprise. In such a scenario, senior management and business managers do have concerns about information systems. The purpose of ICT audit is to review and provide feedback, assurances and suggestions. These concerns can be grouped under three broad heads:

1. Availability: Will the information systems on which the business is heavily dependent be available at all times when required? Are the systems well protected against all types of losses and disasters?
2. Confidentiality: Will the information in the systems be disclosed only to those who have a need to see and use it and not to anyone else?
3. Integrity: Will the information provided by the systems always be accurate, reliable and timely? What ensures that no unauthorized modification can be made to the data or the software in the systems?

Of course, there are other concerns that ICT audit should look at, such as effectiveness, efficiency, value for money, return on investment, and culture and people related issues. Such concerns will be addressed in ICT Audit.