IT Examiner School - Oct 2023

First page Table of contents Previous page 37 Next page Last page

Internal Use Only

Audit/Independent Review

IT scope & frequency based on inherent or residual risks

Performed by independent personnel

Knowledgeable individuals conduct the engagements

Risk assessment/ complexity based

Conducted separately or all at once

Board/Committees receive results

Formal report includes Findings/recommendations

3

Internal Use Only

Assessment Areas for IT Audits

• Audit risk assessment, plan and scope • Appropriate coverage of the entity’s IT environment and activities • Quality of written IT reports • Audit independence • Auditor qualifications • Findings and recommendations reporting and follow ‐ up

The IT Audit program should be assessed for the following:

4

Made with FlippingBook - professional solution for displaying marketing and sales documents online