Abstract
To fulfill audit planner responsibilities, the information technology (IT) auditor must determine examinable units using a selection method for engagements. Through synthesis of relevant audit standards and guidelines as well as professional experience, Chapter 1 presents crucial inputs to the IT audit planning process to organize a comprehensive assessment of an IT audit area. Chapter 1 discusses how to obtain an understanding of assurance objectives, enterprise objectives, and business practices for an IT audit project. Moreover, Chapter 1 discusses IT audit materiality and IT audit risk assessment tasks, and presents foundational control appraisal tasks from a system perspective.
IT Audit Objectives
When approaching the IT audit planning process from a system perspective, an objective has a different meaning than a goal (Davis, 2011a; Gleim, 1989; Spacey, 2017). Minimally, an objective is a broad intended achievement statement (Cascarino, 2012; Gleim, 1989) supporting the organization’s vision, mission, and values (Davis, 2011a). Objectives are the first-tier general means of assessing how well a course of action is performing and whether the course of action is progressing toward expected results. A goal, by contrast, is a discrete specific system aim (Davis, 2011a; Gleim, 1989). Goals are the second-tier specific means of assessing how well a course of action is performing and whether the course of action is progressing toward expected results.
Key Terms in this Chapter
Subject Matter: Represents a specific information topic for an audit report and related procedures.
Information Technology: The hardware, software, services, and supporting infrastructure that manages or delivers data using electronic encoding.
Audit Assurance: A percentage of audit area direct subject matter, related subject matter, or management assertion confidence of activity certainty that adequate controls are functioning as intended.
Internal Control: An organizational policy, procedure, directive, or practice providing reasonable assurance of expected processing performance (as specified by internal control objectives) to prevent or detect and correct undesirable events.
Auditable Unit: A transaction, cycle, or event within the engagement ambit.
Auditee: The personnel and related business practices under examination.
Information System: A discrete resource grouping organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of voice, data, or video.
Ends: Things the enterprise seeks to accomplish.