This tool contains two work program samples that highlight best-practice steps for the IT audit process.  

Risk indicators include missing organization charts; implying organizational confusion over roles and responsibilities; few or poorly documented job descriptions; gaps in coverage with roles and responsibilities unmet by individuals; “pockets” of IT emerging in user organizations, signaling dissatisfaction with the formal IT organization; redundant roles, which could result in poorly coordinated work; frequent and costly service interruptions due to equipment failures or job re-runs due to missed deadlines; and difficulty in restoring or recovering lost, missing or corrupted data due to inadequate backup procedures.