Information Technology Reference
In-Depth Information
It is also useful to hold kick-off meetings with the client so that the engagement letter can
be clearly explained to the IS audit team. At the kick-off meeting, the client or user depart-
ment will attempt to explain their IT environment and any challenges they have had. The
audit team will seek clarifications at this meeting regarding the audit objectives or any oth-
er issues relevant to the audit. The meetings can also be used to discuss reporting timelines
and report formats if any.
The meetings can be used to discuss expectations of the client and agree to the required
deliverables and content. Disagreements often occur with the client because of having dif-
ferent understandings or interpretation of the engagement letter and deliverables. It is re-
commended that the IS audit team should effectively utilise the kick-off meetings to seek
clarifications on the engagement letter or terms of reference to ensure that misunderstand-
ings are minimised.
During the planning stage, the IS audit team may also need to determine if there is a re-
quirement to involve specialists, such as data analysts, security experts, computer forensic
specialists, and database specialists. Specialists are required to assist the IS auditors where
the IS audit team does not have particular competencies. We will look at the involvement
of specialists in more detail in chapter 12. ISACA has published a standard on the involve-
ment of other auditors and specialists. IS auditors should take into consideration the re-
quirements of this standard, which we will review in more detail in chapter 3.
Other than planning documents which are required to be collected during the planning
stage, the IS auditor is also required to plan for resources which would be used during the
audit such as number of IS auditors, other experts, logistical support, and audit tools such
as audit work paper software, data analysis software, and testing tools.
At the end of the planning stage, the IS auditor would have collected a number of docu-
ments which should be reviewed in order to have a good understanding of the client's IT
environment. This information and knowledge will enable the IS auditor to perform an ef-
fective and value-adding audit.
Developing Audit Objectives
Understanding and knowing how to develop audit objectives is a necessary skill for an IS
auditor as this can help in conducting audits effectively and according to the requirements
of the client. A misunderstanding of the audit objectives may lead to performing an audit
which does not meet the expectations of the client and run the risk of the final audit report
being rejected.
Audit objectives specify what the IS auditor is required to do or achieve on a particular
audit engagement. Audit objectives may be developed for an entire system or for a specific
part of an IT system. Management might provide one or more objectives which are linked
Search WWH ::
Custom Search