IT Examiner School, Seaside, CA

Audit Reporting/Follow-up

Similar to Safety & Soundness:

• IT Audit reporting channels- what is being reported and to whom

• Senior Management Responses- are they reasonable and corrective timeframe is appropriate

• Exception Tracking- show all IT audit findings, both Internal and External, and regulatory along with corrective action(s)

Auditor Independence & Qualifications Independence: • Whether or not there are conflicting duties, e.g. involved in auditing areas they have responsibilities or oversight • Auditor should be reporting to Board or Audit Committee • Whether or not the Auditor has a debt with the entity (may have some influence) Qualifications: • Type of IT experience and training – Some IT audits require specific skill sets • Current IT certifications the auditor maintains – Various known organizations, e.g. ISACA, Microsoft, Cisco, etc. provide specialized certificates and/or training • List of references from entities with similar IT activities

These qualifications provide some assurances, but don’t guarantee a quality audit