Previous | Table of Contents | Next |
Specific audit planning is divided into two parts: part one occurs before the fieldwork and part two occurs during the fieldwork. This section deals with audit planning that occurs before commencing the fieldwork.
The prefieldwork individual audit planning is usually performed by the auditor-in-charge. In addition, the planning involves sources of information other than what can be readily acquired from the auditee (e.g., the results of previous audits, consultation with corporate management and key staff groups, and industrial and risk analysis). This differentiates prefieldwork audit planning from the planning that occurs through preliminary investigation of the auditee area, although some audit groups combine both types of individual audit planning.
The IT audit manager should assign auditor-in-charge for this specific audit. The auditor-in-charge then begins to plan for the specific audit.
The IT auditor manager must first become familiar with the individual audit application and audit the risk involved. The annual audit usually provides the auditor with the necessary information.
The manager should assign an auditor-in-charge on the basis of the audit risk, audit scope, and application area. The considerations in assigning an auditor-in-charge include:
The auditor-in-charge gathers sufficient background data on the audit to help the plan address the major risk and exposure areas. This fact-gathering task includes visiting and obtaining information from all areas except the auditee areas. In addition, if the information processing area is not visited during the audit, it should be visited as part of this step.
The auditor-in-charge must examine as much background material and interview as many knowledgeable staff members as time permits and potential audit risks warrant. Interviewing large groups for short periods of time usually causes concerns to surface and reveals facts that are helpful in identifying problems. Any and all parties involved in the auditees business should be interviewed.
The audit department should develop procedures for performing this fact-gathering process. The most logical individuals to interview include:
These interviews need not be extensive in length, but should include the following types of questions.
The following sources are helpful in gathering background information.
Previous | Table of Contents | Next |