IT Audit can play a critical role in evaluating an organization’s information security strategy, business continuity setup and readiness to face system downtime from various factors, and supporting program and partnering to improve the level of control.
IT Audit Plan Development Process
—————————————–
Understand the Business
Identify the organization’s strategies and business objectives
Understand the high risk profile for the organization
Identify how the organization structures their business operations
Understand the IT service support model
—————————————–
Understand the Business
Identify the organization’s strategies and business objectives
Understand the high risk profile for the organization
Identify how the organization structures their business operations
Understand the IT service support model
Define IT Universe
Dissect the business fundamentals
Identify significant applications that support the business operations
Identify critical infrastructure for the significant applications
Understand the role of supporting technologies
Identify major projects and initiatives
Determine realistic audit subjects
Perform Risk Assessment
Develop processes to identify risks
Assess risk and rank audit subjects using IT risk factors
Assess risk and rank subjects using business risk factors
Formalize Audit Plan
Select audit subjects and bundle into distinct audit engagements
Determine audit cycle and frequency
Add appropriate engagements based on management requests or opportunities for consulting
Validate the plan with business management