IT Governance, Risk, and Compliance

Feb 15 2010   7:18PM GMT

IT Audit Reporting: Communicating Results – Part II

Robert Davis Robert Davis Profile: Robert Davis

The process utilized to ascertain ‘the degree of correspondence’ between assertions, or direct subject matter, and established criteria for IT audits is similar to that employed for manual audits; yet, slightly more complex. The process is similar because with these audit types, ‘the degree of correspondence’ requires objective and/or subjective judgment by the auditor as to what constitutes material noncompliance in the control system or error in information. The process is more complex for IT audits because the control system is commonly more sophisticated, and because it is generally more difficult to ascertain whether computer programs and data files provided to the auditor are those actually used; or bogus copies not actually invoked by the entity’s technology under examination. Consequently, to ensure an appropriate IT risk scoring, preceding audit report preparation, IT audit area findings analysis is performed.

View Part I of the IT Audit Reporting: Communicating Results series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: