Professional Documents
Culture Documents
2007 - Introduction To IT Audit 04
2007 - Introduction To IT Audit 04
training
for
Session 4
Planning helps in
the direction and control of auditor’s work;
highlighting critical areas ;
allocation of scarce audit resources towards more
important areas;
setting time frame and targets for review work ;
obtaining sufficient, reliable and relevant audit
evidence and
subsequently aid the auditee in sound decision
making
March 2007 Introduction to IT Audit : S4/ 2
IT audit
training
for
Types of Planning
Strategic plan
Annual plan
Micro plan / audit programme
Obtain an overview of
the nature of auditee business and the business
environment regulatory environment in which the
auditee functions
the size, type, nature and complexity of the IT
systems major IT systems
nature of risks the systems are exposed to critical
organizational units/functions
main types and volume of transactions processed
by the systems
extent and scope of internal audit
Involves
allocation of responsibilities of the IT audit team;
planning the methodology of audit;
deciding the scope and extent of audit coverage
framing budget and obtaining approvals
drawing up the time schedule for various tasks;
exploring ways of obtaining audit evidence and
framing the reporting requirements
Inherent risk
Control risk
Detection risk