This tool contains two work program samples that highlight best-practice steps for the IT audit process. Sample 1 focuses on evaluating the effectiveness of the IT organization in supporting tactical business needs. It begins by identifying key project team members and outlines a structured timeline for planning, fieldwork and report issuance. The sample emphasizes the assessment of risk indicators, such as missing organization charts, poorly documented job descriptions and high turnover rates among CIOs, which may signal underlying issues within the organization. Key areas of evaluation include the alignment of IT services with business objectives.

The document highlights the importance of clear documentation and automated tools to ensure that the IT organization is equipped to meet current business demands and adapt to future challenges. Furthermore, it discusses the potential impacts of inadequate management, including lost revenue, reputational damage and operational inefficiencies. Overall, Sample 2 serves as a comprehensive framework for identifying weaknesses in IT management and recommending improvements, ensuring that IT departments effectively contribute to achieving business goals while maintaining operational reliability.

Risk indicators of potential problems include:

• A long-range plan to schedule and coordinate hardware/software upgrades to support the overall IT and business plan does not exist.
• Capacity planning to identify, assess and address storage capacity constraints does not exist.
• Production batch processing schedules are frequently late or incomplete.
• Formal procedures or automated tools to develop, maintain and execute production batch processing schedules do not exist.