Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Glossary > Audit

What is Audit?

Audit Definition: The tools, processes, and activities used to perform compliance reviews.

Understanding Audit

An audit refers to the set of methods, tools, and actions designed to assess an organization’s compliance with various internal policies, industry standards, or regulatory mandates. By methodically reviewing information systems, security settings, and operational workflows, auditors can confirm whether security rules and obligations are being fulfilled.

Auditing can involve both automated and hands-on tasks, including the gathering, examination, and reporting of system logs. Such processes are central requirements in compliance frameworks like SOC 2 and ISO 27001, as well as regulatory directives such as HIPAA and PCI DSS. Businesses generally rely on Security Information and Event Management (SIEM) systems, dedicated log servers, and scheduled internal or external audits to track and document evidence of compliance.

As an illustration, a financial institution might regularly audit system access to customer account data, identifying and investigating any suspicious or unauthorized activity. Related terms include compliance, logging, SIEM, regulatory requirements, evidence collection, and audit trail.

Learn More About Audit:

Cybersecurity and Internal Auditing: A Risk-Based Approach to The IIA’s Evolving Standards

Related Cybersecurity Terms

Least privilege
Cryptography
Windows Security Baseline
User acceptance testing UAT
Back to Glossary