Sunday, 22 July 2007

The IT Audit Process

Before we start talking about IT Auditing we need to clarify some information about types of the internal controls and implementation types.

Types of Internal Controls:

  • Preventive Control
  • Detective Control
  • Corrective Control (Reactive Control)

Type of implementation of Internal Control:

  • Administrative implementation
  • Technical Implementation
  • Physical Implementation

We need to answer these questions: what to Audit? , what type of Audit? And how to implement it?

What to audit?

This point is very important because it will determine the consequence steps in your audit process.

What is the type of audit?

The type of Audit:

  • Centralized IT functions
  • Decentralized IT functions
  • Business applications
  • Regulatory compliance

After determine what to audit and the type of the audit you need to rank our audits, which one is most important, frequency for doing it and the rotation of our audits.

How to implement it?

The IT Audit stages consist of:

  • Planning, the goal here is to determine the objectives and the audit scope. We could determine that by using
  1. Hand-off from the audit manager
  2. Preliminary survey
  3. Customer requests
  4. Standard checklists
  5. Research
  • Fieldwork and documentation, it is very important to document all your process and look for ways to independently validate the information given and the effectiveness of the controls.
  • Issue discovery and validation, you should discuss your findings with them the customer before raise or report it. That makes your findings more accurate and effective.
  • Solution development,
  1. The recommendation approach (risky approach)
  2. The management-response approach (fighting approach )
  3. The solution approach (recommended one because the customer get involved on it)
  • Report drafting and issuance, it should includes

o Statement of the audit scope

o Executive summary

o List of issues, along with action plans for resolving them

  • Issue tracking

Reference:

McGraw-Hill, IT Auditing: Using Controls to Protect Information Assets, by Chris Davis, Mike Schiller and Kevin Wheeler

Posted by at

1 comment:

mtom said...

you will have an incredible blog right here! would you prefer to make some invite posts on my blog? supplier quality audit

12 September 2018 at 13:08

Post a Comment

Subscribe to: Post Comments (Atom)