Professional Documents
Culture Documents
ISIT Audit
ISIT Audit
IS/IT Audit
Audit Work Plan
overall blueprint of the audit engagement.
shows all the audit activities of the engagement, timelines and the person responsible
for each activity.
Composition:
1. Background of the system
obtained through Systems and Infrastructure briefing
2. Audit objectives
motu proprio vs requested engagements
3. Audit scope
coverage and limits of the audit
1. Information Systems
IS/IT Audit 1
3. Information Systems Acquisition, Development and Implementation
1. Controls embedded on the system and the related IT processes are working
effectively to preserve the confidentiality[1], integrity[2], and availability[3] of
information such that reliance[4] can be placed on the systems and its reports;
3. IT investments are not exposed to wastage, and benefits from such investments
are maximized.
IS/IT Audit 2
business criteria. This essentially means that systems need to operate within the
ambit of rules, regulations and/or conditions of the organization.
Importance
address the risk/s associated with the activity under review.
might influence the audit engagement such as resources needed, timeline and
deliverables.
3. Engagement Letter
6. Non-Disclosure Agreement
Details of the audit that will be laid-out and discussed in the Entrance Conference
Reporting or Deliverables
Offices Involved
Key Milestones
Administrative Matters
IS/IT Audit 3
Other matters
9. Attendance Sheet
Audit Programs
step-by-step set of audit procedures and instructions that should be performed to
complete an audit.
tailor fit the audit program to the auditee’s setup and systems
Contents:
1. Audit area/issue
2. Criteria to be used
3. Information/documents needed
2. objectives
3. scope
4. timeline
5. offices involved
7. assessment criteria
IS/IT Audit 4