Audit
FEUI
Introduction
Objective
► To understand the IT audit lifecycle.
► To give an overview of the four main types of IT audits.
► To have a broad understanding of the logistics of conducting IT audits.
Agenda
► Audit standards
► The IT Audit lifecycle
► Types of IT Audit
► Using CobiT to perform an audit
► Summary
► Q&A
Conducting the IT Audit
Audit standards
The IT Audit lifecycle
► Planning
► Risk assessment
► Prepare audit program
► Gather evidence
► Form conclusions
► Deliver audit opinion
► Follow up

Planning
Determining the risks inherent in the audit, familiarizing with the audit client and its environment, and planning how the audit will generally be conducted, including who will staff the audit.

Risk assessment
"What can go wrong?"
IT auditors focus first on determining what the critical support processes are, then ask themselves what can possibly go wrong within those support processes.

Prepare audit program
There is no specific standard audit program for IT audit, since it must be customized to the client's hardware, software, network, etc. A generic audit program includes: audit scope, audit objectives, audit procedures and administrative detail such as reporting.

Gathering evidence
The purpose of fieldwork is to gather "sufficient, reliable, relevant and useful evidence to achieve the audit objectives effectively." Not all evidence is created equal; auditors must discern the quality of the evidence they collect during fieldwork.

Forming conclusions
It is the auditor's job to evaluate the evidence and form conclusions, and also to identify any reportable conclusions. Reportable conditions are usually compiled in a Management Letter. The conclusions should never be a surprise to management personnel.

Types of IT Audit
1. Attestation
2. Findings and recommendation
3. SAS 70 Audit (SSAE 16)
4. SAS 94 Audit

Thank You