IT Examiner School, Providence, RI

Audit Reporting/Follow-up

Similar to Safety &  Soundness:

o IT Audit reporting channels  what is being reported and to whom o Senior Management Responses 

are they reasonable and corrective timeframe is appropriate

o Exception Tracking 

show all IT audit findings, both Internal and External, and  regulatory along with corrective action(s)

Auditor Independence & Qualifications

Whether or not there  are conflicting duties,  e.g. involved in  auditing areas they  have responsibilities  or oversight Type of IT experience  and training • Some IT audits  require specific skill  sets

Whether or not the  Auditor has a debt  with the entity (may  have some influence)

Auditor should be  reporting to Board or  Audit Committee

Independence :

Current IT  certifications the  auditor maintains

List of references from  entities with similar IT  activities

Qualifications :

These qualifications provide some assurances, but don’t guarantee a quality audit