Sunday, January 6, 2013

IT Audit Planning

At the highest level IT audit planning would involve the following generic steps.

  • Define the risk universe - auditable entities and risk assessment
  • Consider results of previous audits or other similar information
  • Consider upcoming plans/projects with senior and middle management
  • Develop a plan typically for the coming year
At the detailed level, the following steps are taken
  • Identify the risks
  • Identify the scope
  • Identify audit objectives
  • Design a test strategy (see file interrogations)
  • Estimate resources required