Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Internal Audit, IT Audit, ITG, Performance Measurement, Resource Management, Risk Management, Strategic Alignment, Value Delivery
IT governance audits normally have an organizational focus. ‘Organizational-based’ IT governance audits examine deployed frameworks, managerial issues, and departmental activities. However, if during ‘organizational-based’ planning the IT auditor discovers a governance framework is not deployed, the audit planner should utilize the COBIT framework as a minimum basis for setting detail objectives.
Alternatively, IT governance may be within the ambit of other IT audit areas. Under these circumstances, a ‘results-based’ audit may be appropriate. Quantitatively, ‘results-based’ audits can address performance issues utilizing goal and performance indicators as measurement standards. Qualitatively, ‘results-based’ audits can also provide audit area governance knowledge and practices assessments. Whatever ‘results-based’ audit measurement standards utilized, IT governance effectiveness is the primary auditable unit audit objective.
“View Part I of the Auditing IT Governance series here“