System audit has three functions: audit, control and management.
Audit function. The so-called audit function is to evaluate whether the information assets and information systems of the audited object are safe and credible according to relevant regulations and standards, and whether the electronic tracks of financial revenue and expenditure and economic activities reflected are legal, compliant, reasonable and effective, so as to urge the audited object to abide by the law and improve economic benefits.
Control function. As an important part of enterprise internal control system, internal information system auditor is the re-controller of enterprise internal control. Because it is directly led by the main person in charge of the enterprise, it can analyze and consider the problem from the overall situation of enterprise development, check whether the operation of the information system is effectively controlled, the degree and effect of control, put forward the shortcomings and problems in control, and realize the ultimate goal of the control system.
Management function. Information system auditors have the obligation and responsibility to provide decision-making consultation for the security of enterprise information assets and the operation of information systems, ensure that IT development is consistent with the enterprise strategy, find problems in work, provide targeted consulting services on systems, management and control, guard against major information technology risks and management loopholes, and provide services for the continuous improvement of management level at all management levels of enterprises.