Information Technology Reference
In-Depth Information
With this full understanding and distinction between standards and guidelines, let us look
at which standards and guidelines apply to each stage of the IS audit process as shown in
figure 3.1.
Figure 3.1 IS Audit Process
Planning
Planning is an important activity when performing an IS audit, and it enables the IS auditor
to prepare for the audit adequately. In chapter 2, we covered various tasks required to be
undertaken in order to develop an effective audit plan. In this chapter, we shall try to identi-
fy various standards and guidelines which are used during the planning stage.
It is assumed that the general standards (1000 series) are applicable to the entire IS audit
program, and where necessary, we shall refer to the standards in the various sections re-
viewed in this chapter.
Engagement Planning (1201.1 and 1201.2)
During the planning stage, there are two standards relating to planning an engagement
which an IS auditor must adhere to. These are mandatory standards.
The 1201.1 information system audit standard requires IS auditors to develop a plan for
every IS audit engagement they have been requested to perform. The plan should include
audit objectives, the scope of the audit, schedule, and deliverables. It is important that the
audit objectives are clear and normally would be discussed and agreed with the client dur-
ing the kick-off meeting. Determining the scope of the audit is one of the main activities
during the planning stage. The scope can be used to determine the limits of the audit and
what the IS auditors can do on the audit. Without the scope, auditors would find it difficult
to estimate the schedule of activities. Deliverables are the end product of an audit normally
in the form of reports. Auditors should ensure that they understand what the deliverables
are and when they are required to be submitted. Late submission of deliverables and sub-
mission of reports which do not meet the client's expectation usually send a wrong signal
to the client.
IS auditors are expected to also understand and incorporate into their audit program com-
pliance with applicable laws and professional auditing standards. Governments from time
to time come up with regulations and legislation to ensure that the citizens or public re-
Search WWH ::




Custom Search