Information Technology Reference
In-Depth Information
Information Systems Audit Process
Overview
A skill the IS auditor needs to learn quickly and be able to perform perfectly well is how to
use an IS audit process. This chapter looks at the various stages of performing an IS audit.
Adding value to the enterprise or enhancing performance of the enterprise requires being
able to conduct a good IS audit in the first place.
The IS audit process includes a number of activities which ensure that an effective audit is
carried out. Described in this chapter is a generic IS audit process, but it does meet the re-
quired objectives as described in the IS audit standards and guidelines published by ISACA
and the Institute of Internal Auditors (IIA). Enterprises in some cases prefer to design their
own audit process focusing on their internal requirements. Further details on the IS audit
standards will be covered in chapter 3.
The IS audit process involves a number of stages (see figure 2.1), which we shall review in
detail in this chapter. The IS audit process includes the following stages:
a) audit planning
b) understanding the IT environment
c) performing the audit
d) testing and evaluation
e) findings and reporting
f) follow-up.
Figure 2.1 IS Audit Process
The benefit of using an IS audit process when performing an audit is that you ensure that the
audit has a structured approach which everyone can follow including clients. The process
enables a clear understanding of the objectives and tests included in the audit. The IS audit
process also helps the IS auditor to avoid errors or missing out important information during
the auditing process.
Search WWH ::
Custom Search