Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Internal Audit, IT Audit, ITG, Performance Measurement, Resource Management, Risk Management, Strategic Alignment, Value Delivery
To prevent expectation misinterpretation, the IT governance engagement ‘terms of reference’ should minimally address engagement ambit, reporting lines, and IT audit authority. Specifically, IT governance functional areas and issues definitions; identified ‘highest-organization-level’ issues reporting; as well as auditor information access rights should be clearly documented in the audit charter and/or engagement letter.
IT governance can be an individual audit area examination or an auditable unit examination for every IT function audit undertaken. During the IT audit planning process, all or segments of an entity’s deployed governance related frameworks may be selected as auditable units. Furthermore, IT governance audits may cross divisional, functional, or departmental demarcations.
“View Part I of the Auditing IT Governance series here“