IT Examiner School

Written IT Audit Reports Describe scope and objectives

Identifies the deficiencies/wea knesses

Suggests corrective action(s)

Management’s response/timing for corrective action(s)

Provides information on prior audit findings

•Identifies repeat findings

Complies with audit plan and schedule

Types of IT Audits

Internal Audits/ Certifications

IT General Controls

Penetration Tests

Vulnerability Assessments

Statement on Standards for Attestation Engagements (SSAE ‐ 16/18)