Planning an Efficient Information Systems Audit Program: ISACA Highlights Key Steps

Organizations should follow ISACA's recommended five steps to establish a robust audit program, as outlined in a recent report.

Steps for Developing an Efficient Information Systems Audit Program, as Suggested by ISACA

In today's digital world, ensuring the effective, efficient, secure, and reliable operation of information technology (IT) is more important than ever. To help professionals navigate this complex landscape, ISACA, a global nonprofit association, has released a new white paper providing practical guidance on how to develop audit programs from the ground up.

Established in 1969, ISACA boasts a community of 140,000 professionals in 180 countries. This global network offers knowledge, standards, networking, credentialing, and career development to help professionals lead, adapt, and assure trust in an evolving digital world.

According to Rosemary M. Amato, a director on ISACA's Board and Director, Deloitte Accountant B.V., the guide can be leveraged in an organization to add value to the audit function.

The effectiveness of the audit depends on the quality of the audit program. ISACA's report identifies five steps for creating an effective audit program.

  1. Determining Audit Subject: This step involves identifying the specific IT system or process that will be the focus of the audit.
  2. Defining Audit Objective: The audit objective should be clear and concise, outlining what the auditor hopes to achieve through the audit.
  3. Setting Audit Scope: This critical step helps the auditor understand the IT environment and its components to identify the resources required for a comprehensive evaluation.
  4. Performing Pre-Audit Planning: This phase consists of five key steps: risk assessment, identifying regulatory compliance requirements, determining the resources needed to perform the audit, and determining audit procedures and steps for data gathering.
  5. Final Planning: The final planning step involves obtaining departmental policies for review, developing a methodology to test and verify controls, and creating test scripts plus criteria to evaluate the test.

The audit process consists of three phases: planning, fieldwork/documentation, and reporting/follow-up. The fieldwork and documentation phase, which includes acquiring data, testing controls, issue discovery and validation, and documenting results, is described in detail in ISACA's
