Activity: Building the IT Audit Project Plan

Activity: Building the IT Audit Project Plan

Copyright: © 2020 |Pages: 30
DOI: 10.4018/978-1-7998-4198-2.ch001
OnDemand PDF Download:
No Current Special Offers


To fulfill audit planner responsibilities, the information technology (IT) auditor must determine examinable units using a selection method for engagements. Through synthesis of relevant audit standards and guidelines as well as professional experience, Chapter 1 presents crucial inputs to the IT audit planning process to organize a comprehensive assessment of an IT audit area. Chapter 1 discusses how to obtain an understanding of assurance objectives, enterprise objectives, and business practices for an IT audit project. Moreover, Chapter 1 discusses IT audit materiality, IT audit risk assessment tasks, and presents foundational control appraisal tasks from a system perspective.
Chapter Preview

It Audit Objectives

When approaching the IT audit planning process from a system perspective, an objective has a different meaning than a goal (Davis, 2011a; Gleim, 1989; Spacey, 2017). Minimally, an objective is a broad intended achievement statement (Cascarino, 2012; Gleim, 1989) supporting the organization’s vision, mission, and values (Davis, 2011a). Objectives are the first-tier general means of assessing how well a course of action is performing, and if the course of action is progressing toward expected results. Whereas, a goal is a discrete specific system aim (Davis, 2011a; Gleim, 1989). Goals are the second-tier specific means of assessing how well a course of action is performing, and if the course of action is progressing toward expected results.

Key Terms in this Chapter

Subject Matter: Represents a specific information topic for an audit report and related procedures.

Information Technology: The hardware, software, services, and supporting infrastructure that manages or delivers data using electronic encoding.

Audit Assurance: A percentage of audit area direct subject matter, related subject matter, or management assertion confidence of activity certainty that adequate controls are functioning as intended.

Internal Control: An organizational policy, procedure, directive, or practice providing reasonable assurance of expected processing performance (as specified by internal control objectives) to prevent or detect and correct undesirable events.

Auditable Unit: A transaction, cycle, or event within the engagement ambit.

Auditee: The personnel and related business practices, under examination.

Information System: A discrete resource grouping organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of voice, data, or video.

Ends: Things the enterprise seeks to accomplish.

Complete Chapter List

Search this Book: