This document discusses information system audit resource management and planning. It states that IS auditors must maintain their technical competence through ongoing training, as technology constantly changes. A detailed training plan should be developed based on an organization's technology and risks. Planning involves both short-term audits for the current year as well as long-term consideration of emerging risks, and future audit activities should be approved by senior management and the audit committee. Effective planning requires the auditor to understand the business, information systems, technologies, objectives, and risks to identify appropriate audit scope, objectives, and resources.
2. IS Audit Resource Management
• IS technology is constantly changing.
• IS auditors maintain their competency
through updates of existing skills and
training in new audit techniques.
• The IS auditor should be technically sound and
should maintain technical competence
through continuing professional education.
3. IS Audit Resource Management
(Cont’d)
• A detailed staff training plan should be drawn up
based on the technology and risk issues of the
organization.
• Training should be arranged at least semiannually.
• IS audit management provides the IT
resources needed to perform IS audits of a highly
specialized nature (e.g., software scanners for
network intrusion tests).
4. Audit Planning
• Short term planning
– Takes into account audit issues that will be
covered during the year.
• Long term planning
– Takes into consideration risk-related issues which
may affect the organization’s IT environment.
• The planning of future audit activities should
be reviewed by senior audit management and
approved by the audit committee.
5. Audit Planning (Cont’d)
• During audit planning, the IS auditor must
have an understanding of the overall
environment under review.
– Various business practices and functions
– Types of information systems
– Supporting technology
• The IS Auditor should:
– Gain an understanding of the business’s objectives
– Information and processing requirements
6. Audit Planning (Cont’d)
– Identify policies, standards and guidelines
– Perform risk analysis
– Conduct IS control review
– Set audit scope and audit objectives
– Develop audit approach or audit strategy
• Identify available audit resources and
assign appropriate tasks.