Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit
Control environment scanning to produce a viable IT audit plan should be considered fundamental to planning an IT audit. Primary consideration regarding the control environment’s operating style is IT auditability. As with most audit situations, verifiability is heavily dependent on auditability. IT auditability considerations should precede IT integrated process deployment. In other words, auditability should be included in the design of IT and the information being provided to audit areas. Consequentially, auditability can assist or hinder an IT assurance effort; if it does not postpone a planned audit.
“View Part I of the Auditing Information Assets Protection series here“