Information Systems Audit Process - Auditing Information Systems: Enhancing Performance of the Enterprise

Information Technology Reference

In-Depth Information

to expected deliverables. Including specific deliverables to the engagement letter or audit

request memo helps in developing a clear understanding of the expectations and avoids

misunderstanding with management. Problems IS auditors usually encounter in practice is

making recommendations, which sometimes are different from management expectations,

due to not having a clear understanding of audit objectives.

IS auditors sometimes find themselves in a position of advising the client on how to devel-

op audit objectives. The following may serve as general guidelines when developing audit

objectives:

a) The IS auditor should be provided with sufficient information on the client's business

and IT environment.

b) The IS auditor should have access to the enterprise IT strategy, organisational struc-

ture, IT policies and procedures.

c) The area or function to be audited should be clearly described and in sufficient detail,

i.e. network infrastructure could be the selected area to be audited.

d) Audit objectives should be detailed enough to guide the audit team.

e) Deliverables should be clearly stated and linked to audit objectives.

f) Reporting timelines and report formats should be provided.

g) Consideration should be given to developing sub-objectives relating to performance,

compliance, security, monitoring, maintenance, and management. Management may

opt to focus on one or two metrics such as compliance and performance.

The engagement letter or audit request memo should include the following information for

it to communicate appropriate information to the IS auditor:

a) general overview expressing the issues at hand and areas of focus

b) list of audit objectives (and sub-objectives where necessary) in action format

c) agreed reporting format if the enterprise does not have a reporting template

d) expected deliverables

e) dates for reporting.

The benefits of having clearly defined audit objectives include having a clear understand-

ing and agreement between the IS auditor and management, avoiding disagreements during

reporting, and avoiding delays in implementing recommendations.

Audit Methodology

IS auditors can consider using questionnaires as a method of collecting data during an audit

and presented to the client in an interview format. This method enables the IS auditor to be

organised and be able to collect all the necessary information without missing out any key

Search WWH ::

Custom Search

Home