IT Examiner School

Audit/Independent Review

Performed by independent personnel

Knowledgeable individuals conduct

Risk assessment/complexity based

Documented Findings/recommendations

Board/Committee reported results

Conducted separately or all at once

IT scope & frequency based on inherent or residual risk

Assessment Areas for IT Audits

The IT Audit program should be assessed for the following:

• Audit risk assessment, plan and scope • Appropriate coverage of the entity’s IT environment and activities • Quality of written IT reports • Audit independence • Auditor qualifications • Findings and recommendations reporting and follow ‐ up