Sourcing IT assurance: from which types of firms can an organization obtain Electronic Data Processing (EDP) auditors or audit services?

Introduction / Context:
EDP auditing (also called IT auditing or IS auditing) evaluates controls over information systems, data integrity, security, and compliance. Organizations may build internal capability or contract external experts. Understanding where to source such expertise is practical for governance and assurance planning.

Given Data / Assumptions:

• EDP auditors need combined knowledge of IT controls and audit methodology.
• External sourcing is common for specialized reviews, independence, or capacity peaks.
• Multiple firm types market such services.

Concept / Approach:
EDP/IT audit services are offered by computer consulting firms (technology-focused practices), accounting firms (assurance and advisory, including SOC, SOX, ISO audits), and management consulting firms (risk, governance, and compliance practices). Each brings a different emphasis—from technical configuration review to control frameworks and policy design—yet all can supply qualified EDP auditors.

Step-by-Step Solution:

Verification / Alternative check:
Market offerings from major accounting firms, tech consultancies, and management consultants include ITGC testing, application controls, cybersecurity assessments, and compliance audits.

Why Other Options Are Wrong:
Choosing only one source underestimates the breadth of the audit services market; “None” is incorrect because these services are widely available.

Common Pitfalls:
Assuming only CPAs can audit IT; overlooking the need to ensure auditor independence and relevant certifications (e.g., CISA).

Final Answer:
All of the above