Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding
Regarding laws and regulations, when professional standards are applied to compliance engagements, an IT auditor has the right to believe that management has established appropriate controls to prevent, deter and detect illegal acts, unless tests and evaluations carried on by an IT auditor prove otherwise. Furthermore, IT auditors should forego utilizing unlicensed tools and software when conducting IAP audit assignments.
ISACA. “Responsibility, Authority and Accountability.” In Information Systems Standards, Guidelines, and Procedures for Auditing and Control Professionals. Rolling Meadows, IL: ISACA, March 2006. http://www.isaca.org/AMTemplate.cfm?Section=Standards2&Template=/ContentManagement/ContentDisplay.cfm&ContentID=40571 (accessed May 3, 2008).