Alternatively, IAP may be within the ambit of other IT audit areas. Under these circumstances, a ‘functional-based’, ‘application based’, or ‘compliance-based’ examination may be appropriate. ‘Functional-based’ audits address identified processes as auditable units that can include goals and objectives, ownership, repeatability, as well as roles and responsibilities. ‘Application-based’ audits address identified areas where IT is superposed to complete a task that can accommodate completeness, accuracy, validity, authorization, and segregation-of-duties. Lastly, ‘compliance-based’ audits redress adherence to externally and internally imposed entity requirements that can encompass national laws, and regulations, as well as standards.
“View Part I of the Auditing Information Assets Protection series here“