Posted by: Robert Davis
AA, AICPA, Assurance Service, Attestation, Audit Assurance, Audit Opinion, CA, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, CIA, CICA, CISA, CITP, CPA, Engagement, Evidence, IFAC, Information Technology, ISACA, IT, IT Audit, PM, Project Management, Reporting, The IIA
IT audit area reporting conveys an opinion concerning control adequacy based on planning, studying, testing and evaluating material or significant auditable units. Whether an IT auditor is engaged in direct or attest reporting — after obtaining sufficient, reliable, relevant and useful evidence during the previous audit phases — formal audit results communication is an important step in the audit process. Direct reporting assignments exist when management does not document an assertion concerning control procedures effectiveness and the IT auditor provides an opinion. Conversely, attest reporting assignments exist when management documents a control procedures effectiveness assertion and the IT auditor provides an opinion about the stated assertion.