Reflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. “Topics which should be considered are set by COBIT in the IT Governance Management Guidelines.” However, an audit committee’s perceived mandate and mission may affect IT governance audit approach variability. Furthermore, the IT governance audit approach may vary according to ambit and resources applied. For instance, from an internal audit perspective, as noted in The IIA’s International Professional Practice Framework (IPPF) Standard 2110.A2: “The internal audit activity must assess whether the information technology governance of the organization sustains and supports the organization’s strategies and objectives.” IT governance audit evaluation criteria may also fluctuate due to audit objectives. For example, the IT governance audit assessment paradigm may be based on performance and/or compliance expectations.
“View Part I of the Auditing IT Governance series here“