Information Technology (IT) auditing helps a company understand the key technology risks and how well the company is mitigating and controlling those risks. IT internal audit also provides insight into the threats inherent in today's highly complex technologies. Select one of the areas below to view a sample of IT audit information available on KnowledgeLeader.
Audit Committee Reports: Sample Presentations
Each of these four samples contains an audit committee report that has been presented by internal auditors at a target company. The report content primarily focuses on presenting the audit risk assessment process and results, the internal audit planning process and timing, and the business self-assessment processes and results.
Control Objectives for Information and Related Technology (COBIT) is a management tool for IT. It has been developed by ISACA as an accepted standard for good IT security and control practices. It is intended for use by management, IT auditors, and control and security practitioners. COBIT defines what needs to be done to implement an effective control structure.
Computer Operations Audit Work Program
This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.
How to Audit Compliance in the Financial Services Industry: A Primer
Anyone who has been involved in compliance management for the financial services industry over the last decade or more has seen expectations regarding the role and responsibilities of the Compliance function continue to evolve with increased responsibility. As the requirements and expectations for compliance management have changed, so too have the expectations for how Compliance should be audited. Any discussion about how to audit Compliance should begin with the premise that Compliance is, or should be, an auditable area.
Human Resources Process and Compliance Review – Audit Report
This sample human resources process and compliance internal audit report focuses on time reporting, payroll, recruiting, hiring, and termination. This report contains process maps of the HR process, including associated risks and controls.
IT Audit Work Program – Application Controls
This sample work program covers various application controls necessary to support the business, focusing primarily on access and change controls.
IT Controls Best Practices, Part 1 - Generic
This is Part 1 of a document created to identify leading practices for auditing IT controls. The presentation includes process maps and defines risk objectives and control points for change management, security administration, operations and application controls.
IT Due Diligence Checklist
This checklist focuses on the risks or controls a small company must assess in order to address its IT due diligence practices. Topics covered in this document include IT management, personnel, and contractors, as well as many more.
IT General Controls Questionnaire
IT general controls are critical and central to business processes. This Excel-based template provides a number of COBIT areas and the related control objectives for each IT general control. You can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. This questionnaire has been updated with areas defined in COBIT 4.1.
IT Risk Assessment Survey Questionnaire
This questionnaire is for conducting an IT risk assessment. It covers topics appropriate for IT management and IT executive management. These topics include: Educate and train users; Assess and manage IT risks; and IT strategic planning.
Program Development Audit Work Program
This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control.
System Management Risk Assessment & Control Audit Work Program
Since most financial transactions are processed and maintained in the IT environment, the IT function is critical for all financial audits performed. This work program will assist audit teams to identify risks and related controls for logical security administration and monitoring, physical security, change management, problem management and system availability.
Auditing IT Projects: Early Warning Signs Of Material Risk
IT projects are often materially significant and yet the nature and magnitude of their risks go unnoticed until disaster strikes. Focusing on the early warning signs of IT project peril, this article provides a straightforward starting point for seeing, monitoring, auditing and managing the risks of an IT project.
Confusion in the Ranks: IT Service Management Practice and Terminology
The Information Technology Service Management (ITSM) movement is gaining adopters throughout the world, expanding from the 2005 ratification of International Standards Organization (ISO) ISO/IEC 20000. This paper provides a background on ITSM and its contributing concepts including IT Information Library (ITIL), Service Level Management (SLM), Business Service Management (BSM), and many others. The article describes the several contributing frameworks mentioned and reports on a survey of U.S. IT managers conducted to determine the extent of understanding of these terms and frameworks.
Continuous Monitoring and Auditing: What is the difference?
Both continuous auditing and continuous monitoring can be cornerstones in helping internal audit respond effectively to the increased expectations that are placed upon them. They can also help organizations operate more efficiently and more profitably. In part one of this two-part series, John Verver, from ACL Services Ltd., poses the question: Are these two separate concepts or merely variations of a theme? In part two, John closes his discussion by focusing on the benefits of continuous auditing and monitoring, and related best practices.
Global Technology Audit Guide (GTAG) 4: Management of IT Auditing
This fourth GTAG is designed for CAE and internal audit management personnel who are responsible for overseeing IT audits. The focus of this guide is on providing specific recommendations that a CAE can implement immediately, and to help sort through the strategic issues regarding planning, performing, and reporting on IT audits. Consideration is given to the fundamentals as well as emerging issues.
Global Technology Audit Guide (GTAG) 5: Managing and Auditing Privacy Risks
This fifth GTAG is intended to provide the chief audit executive (CAE), internal auditors, and management with insight into privacy risks that the organization should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks.
Global Technology Audit Guide (GTAG) 8: Auditing Application Controls
This edition of the Global Technology Audit Guide from The IIA provides Chief Audit Executives with information on the role of internal auditors regarding application controls, and how to perform a risk assessment. This guide also includes a list of common application controls, a sample audit plan, and application control review tools.
Global Technology Audit Guide (GTAG) 9: Identity and Access Management
The objective of this GTAG is to provide insight into what IAM means to an organization and to recommend internal audit areas for investigation. It can assist CAEs and other internal auditors in understanding, analyzing, and monitoring their organization's IAM processes.
Global Technology Audit Guide (GTAG) 11: Developing the IT Audit Plan
As technology becomes more integral to the organization’s operations and activities, a major challenge for internal auditors is how to best approach a company-wide assessment of IT risks and controls within the scope of their overall assurance and consulting services. As pointed out in this GTAG, auditors need to understand the organization’s IT environment; the applications and computer operations that are part of the IT infrastructure; how IT applications and operations are managed; and how IT applications and operations link back to the organization.
Global Technology Audit Guide (GTAG) 12: Auditing IT Projects
Whether IT projects are developed in house or are co-sourced with third-party providers, they are filled with challenges that must be considered carefully to ensure success. Insufficient attention to these challenges can result in wasted money and resources, loss of trust, and reputation damage. Early involvement by internal auditors can help ensure positive results. Auditing IT Projects from The IIA provides an overview of techniques for effectively engaging with project teams and management to assess IT project risks.
Integrating IT into the Internal Audit Process
Internal audit leaders looking for a way to improve staff skills and increase audit efficiencies would do well to consider integrated auditing, an approach that can help them on both counts. Integrated auditing’s objectives include providing full coverage of an organization’s or business unit’s risks and supplying management with a complete opinion on the control environment and how it impacts risk and audit coverage. This includes all aspects of the audit, both automated and manual procedures.
Internal Auditing Syllabus - Sample 1
The course will cover internal audit from a broad perspective that includes information technology, business processes, and accounting systems. Topics include internal auditing standards, risk assessment, governance, ethics, audit techniques, and emerging issues. The course covers the design of business processes and the implementation of key control concepts and will use a case study approach that addresses tactical, strategic, systems, and operational areas. Business improvements in the effectiveness and efficiency of business processes and controls will be covered in the areas of operations, finance and technology. The course is open to all majors with an interest in the design and testing of controls for improving management processes. This is the first course leading to an Internal Auditor Educators Partnership Certificate and will prepare students to sit for the Certified Internal Auditor exam. This course requires a significant degree of participation from all students on projects throughout the course.
Maturing the use of data analytics
In internal audit practice, the use of data analytics as part of the audit process is usually part of a continuum. It tends to start off in ad hoc use, then move to repetitive use, and, finally, to continuous auditing and continuous monitoring. In this article, John Verver from ACL Services Ltd. examines the typical evolution in using data analytics.
SAP’s Global Internal Audit Services group implements a highly customized audit management system to improve speed and precision of planning
As one of the leading international providers of business software, SAP delivers products and services that help accelerate business innovation for its customers. This article focuses on SAP’s decision to implement an audit management system that allows the Global Internal Audit Services team to create working papers easily, review and approve documents, and perform administrative functions online. Key benefits of the system include automatic generation of documents including recommendations and risks; a user-friendly interface that guides auditors through the audit process steps; and delivery of key performance indicators (KPIs) to SAP’s management.
Technology-enabled Audits – Increasing Productivity and Delivering More Timely and Reliable Results
In today’s increasingly sophisticated organizations, internal audit functions must be technology-enabled to increase the scope and pace of their work, and produce more timely and reliable results. This becomes even more vital given the current global business climate, which calls for organizations to do more with fewer resources. In this podcast, Protiviti Managing Director Keith Kawashima discusses the benefits and strategic advantages of technology-enabled internal audits.
Trends in IT Internal Auditing: Greater Use of Automation, ‘Rebalancing’ Focus Away from Sarbanes-Oxley and Toward Broader Risk Management
Protiviti conducts a series of annual surveys among internal audit executives and professionals to identify key trends impacting organizations worldwide. Recent results from these studies include a number of notable trends in IT auditing. These trends focus on ISO 27000, computer-assisted audit techniques (CAATs), and IT audits not related to Sarbanes-Oxley compliance.
Using High Value IT Audits to Add Value and Evaluate Key Risks and Controls
High value audits are designed to provide the audit committee and process owners with cutting-edge, relevant and pragmatic insights into the technology risks and related recommendations in the audit area. The high value audit delivers actionable findings that drive the improvement of the organization’s financial and business systems and operations. In many cases, automated tools are used for more effective and efficient auditing. In all cases, having the right technical skills is critical. Those skills may not, however, always be resident in an existing internal audit organization.
Vice President, Chief Compliance Officer Job Description
The document serves as a sample job description for the appointment of a Chief Compliance Officer. It includes the responsibilities, duties and a basic description about the job.