2023 IT Examiner School

Audit/Independent Review

Performed by independent personnel

Documented Findings/ recommendations

Knowledgeable individuals conduct

Risk assessment/ complexity based

IT scope & frequency based on inherent or residual risks

Conducted separately or all at once

Board/Committee reported results

Assessment Areas for IT Audits

• Audit risk assessment, plan and scope • Appropriate coverage of the entity’s IT environment and activities • Quality of written IT reports • Audit independence • Auditor qualifications • Findings and recommendations reporting and follow-up

The IT Audit program should be assessed for the following: