Information Technology Reference
In-Depth Information
a) Audit charter or IT audit charter
b) Engagement letter or audit request memo
c) Business and IT strategy documents
d) Business process documents
e) IT policies, processes, procedures, and standards
f) Audit questionnaires with collected data
g) Evidence in form of data extracts
h) Evidence in form of compliance documents
i) Data on tests carried out
j) Completed audit report to management
Figure 2.4 List of Audit Documentation
Follow-Up
An IS auditor is required to follow up on issues raised in the audit report either immediately
after the audit or on agreed dates with the client. A follow-up can also be made just before
commencement of a new or next audit. The IS auditor should review implementation of
the recommendations made in the previous report. If previous recommendations were not
implemented, the auditor can include in his new audit report which issues were still out-
standing and the reasons why the recommendations were not implemented.
The IS auditor might consider reporting on how previous recommendations were resolved
in the new report. In some enterprises, this section is moved to the appendix as it is for in-
formation only so that the new report focuses on new issues being raised.
In some cases, the IS auditor might find that the same issues keep on coming up in every
audit. It is advisable that these issues are escalated to senior management or the board for
special consideration. It is only right that the enterprise takes a position of either accepting
the risk or resolving the issues raised in previous reports.
An IS auditor is at times found in a position where the client is disputing observations made
regarding a particular issue. In this case, the auditor might refer the issue to the client's
board for resolution. This is on the assumption that the audit team has extensively reviewed
the issue and strongly believe that they have a strong point and supporting evidence.
All issues which have been resolved need not be reported and should be dropped unless
management would like to keep them on record, indicating reasons how the issues were
resolved.
 
Search WWH ::




Custom Search