At the highest level IT audit planning would involve the following generic steps.
- Define the risk universe - auditable entities and risk assessment
- Consider results of previous audits or other similar information
- Consider upcoming plans/projects with senior and middle management
- Develop a plan typically for the coming year
At the detailed level, the following steps are taken
- Identify the risks
- Identify the scope
- Identify audit objectives
- Design a test strategy (see file interrogations)
- Estimate resources required
|
|
|
|
