IT Governance, Risk, and Compliance » Configuration Item

IT Audit Verification Planning: Resolving Technique Selection – Part VII

Robert Davis — Mon, 11 Jan 2010 18:21:10 +0000

Many techniques are available to the IT auditor. A significant responsibility is selecting a technique appropriate to the audit task at hand. To aid the IT auditor in understanding which technique may be appropriate, alternative schemes for categorization should be considered. Potential benefits include finding a close approximation of the employed taxonomy to the: audit objectives, objects to which the IT auditor applies procedures, and types of techniques that have been developed to assist the IT auditor.

“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“

IT Audit Verification Planning: Resolving Technique Selection – Part VI

Robert Davis — Thu, 07 Jan 2010 19:30:31 +0000

Characteristics of a deployed audit trail can determine the test procedures performed. With an acceptable audit trail, the IT auditor may decide to trace selected data or information through the entire configuration or to determine infrastructure availability. Without a trail, the IT auditor may decide to execute extensive substantive tests on the electronically encoded configuration items.

“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“

IT Audit Verification Planning: Resolving Technique Selection – Part V

Robert Davis — Mon, 04 Jan 2010 18:49:57 +0000

Performance of audit procedures on individual programs and files, or the entire configuration as an integrated unit, is determined by the audit objectives and the audit trial. To test the functionality of input controls, for example, the IT auditor can perform compliance tests on a specific program; while separately, or jointly, test the integrity of processing through performance of substantive procedures on a specific data file. Alternatively, the selected configuration may be compliance tested as an integrated unit by processing test data through it and examining errors rejected by programs and the contents of files for evidence of controls.

“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“

IT Audit Verification Planning: Resolving Technique Selection – Part IV

Robert Davis — Wed, 30 Dec 2009 19:03:45 +0000

Auditing IT configurations involves performing compliance and substantive tests on a selected information asset as an integrated unit. Integration can refer to various activities including: combining the separate testing of programs and files into an overall evaluation; combining the testing of programs and files into a single test; utilizing a mixture of techniques to accomplish the compliance and substantive testing objectives and combining the results into an overall evaluation of the entire IT configuration or a specific configuration subset; and treating the IT configuration — with its programs and files — as a single unit that receives input, processes data, and produces output in a regulated environment.

“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“

IT Audit Verification Planning: Resolving Technique Selection – Part III

Robert Davis — Mon, 28 Dec 2009 21:08:00 +0000

Auditing electronically encoded programs can also involve compliance and substantive testing. Compliance testing usually involves testing programs for controls. Techniques for auditing programs are primarily oriented toward compliance testing. Whereas, substantive testing typically involves ascertaining the reliability with which an electronically encoded program processes data.

“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“

IT Audit Verification Planning: Resolving Technique Selection – Part II

Robert Davis — Wed, 23 Dec 2009 20:11:19 +0000

Compliance testing is the primary method employed to verify stated controls are operating effectively, while substantive testing is the primary method utilized to increase audit assurance. For instance, an IT auditor may reperform compliance testing, documented by an entity’s software quality assurance department, to verify controls are operating effectively. Whereas, an IT auditor may apply substantive testing procedures for recalculating cost allocations to assess if a discovered deficiency is material.

Auditing electronically encoded files can involve compliance testing and substantive testing. Specifically, files can be tested for evidence of compliance with designed controls or the integrity of the data contained therein. Techniques for auditing files are primarily oriented toward substantive testing of details in the selected repositories.

“View Part I of the IT Audit Verification Planning: Resolving Technique Selection series here“

IT Audit Verification Planning: Resolving Technique Selection – Part I

Robert Davis — Mon, 21 Dec 2009 19:59:49 +0000

There are a variety of techniques available to the IT auditor for compliance and substantive testing when performing assurance engagements. Selecting a technique appropriate for the assurance task at hand, however, can be difficult. Analytically, to provide the most suitable IT audit evidence, various classification schemes can be adopted to organize the diverse testing techniques. Through these taxonomies, the IT auditor can gain an understanding regarding which technique may be most appropriate for a given situation. Within this context, determining which elements of the IT architecture are to be examined is critical to the testing technique selection process. For instance, when combined with generally accepted IT naming conventions, IT assurance testing techniques can be applied to information assets such as files, programs, or configurations — depending on the particular audit objectives and accessible audit trails.