IT audit services both the University and Penn Medicine and assesses the critical IT systems, related architecture, and IT processes to assess whether information assets are secured, reliable, available, and compliant with policies and applicable laws and regulations. We also emphasize the importance of mitigating privacy and security risks throughout our audits. We are committed to delivering our services in an independent, objective, and professional manner.

IT Audit follows the COBIT framework, which is a set of best practices for IT management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company. As a result, management and business process owners are provided with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.