Posted by: Robert Davis
AICPA, American Institute of Certified Public Accountants, Assurance Service, Attestation, Audit Report, Evidence, Follow-up Procedures, IFAC, Information Systems Audit and Control Association, International Federation of Accountants, ISACA, IT Audit, Procedures, Project Management, The IIA, The IIC, The Institute for Internal Controls, The Institute of Internal Auditors
IT audit area follow-up takes into account the materiality of reported findings and the impact if corrective action is not taken. As particulars, follow-up nature, timing and extent are dependent on audit materiality and control criticality. IT audit follow-up nature represents the type of procedures that will be performed considering predetermined risk associated with an auditable unit. IT audit follow-up timing confers when a procedure will be performed. Whereby, IT audit follow-up extent conveys the amount and/or range to be assessed. In relation to these defined considerations, audit materiality typically reflects monetary magnitude relative to other assets; while control activity criticality infers the assessed item impact magnitude relative to other risks.