ISACA : Information Systems Auditing: Tools and Techniques Creating Audit Programs

TABLE OF CONTENTS Introduction...................................................................................................................................................................3 Purpose of This Publica ...

TABLE OF CONTENTS Introduction...................................................................................................................................................................3 Purpose of This Publication.........................................................................................................................................3 Audience......................................................................................................................................................................3 Scope and Approach....................................................................................................................................................3 Terminology..................................................................................................................................................................4 The Audit Process..........................................................................................................................................................5 Audit and Assurance Programs.....................................................................................................................................8 Objectives of Developing Audit and Assurance Programs..........................................................................................8 Minimum Skills to Develop an Audit and Assurance Program...................................................................................9 Steps to Develop an Audit and Assurance Program....................................................................................................9 Appendix A—List of Resources...................................................................................................................................16 ISACA Resources......................................................................................................................................................16 Additional Resources..................................................................................................................................................16 Information Systems Auditing: Tools and Techniques—Creating Audit Programs Introduction ©2016 Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. 3 INTRODUCTION Organizations undertake audits for many reasons. An audit can help the enterprise ensure effective operations and attest to its compliance with administrative and legal regulations. It can confirm for management that the business is functioning well and is prepared to meet potential challenges. Perhaps most important, it can assure stakeholders of the financial, operational and ethical well-being of the organization. Information systems (IS) audits support all those outcomes, with a special focus on the information and related systems upon which most businesses and public institutions depend for competitive advantage. Achievement of the many benefits that can accrue to an effective audit depends on proper and thorough planning of the audit engagement. The scope and the objective of the audit must be understood and accepted by both the auditor and the area being audited. Once the purpose for the audit is clearly defined, the audit plan can be created, which will encapsulate the agreed scope, objectives and procedures needed to obtain evidence that is relevant, reliable and sufficient to draw and support audit conclusions and opinions. An important component of the audit plan is the audit program, also known as work program. The audit program is commonly used to document the specific procedures and steps that will be used to test and verify control effectiveness. The quality of the audit program has a significant impact on the consistency and quality of the audit results, so it is imperative that IS auditors understand how to develop comprehensive audit programs