IT Governance, Risk, and Compliance » GRC http://itknowledgeexchange.techtarget.com/it-governance Mon, 20 May 2013 00:56:50 +0000 en-US hourly 1 IT Audit Fieldwork: Generally Accepted Processes – Part V http://itknowledgeexchange.techtarget.com/it-governance/it-audit-fieldwork-generally-accepted-processes-part-v/ http://itknowledgeexchange.techtarget.com/it-governance/it-audit-fieldwork-generally-accepted-processes-part-v/#comments Thu, 28 Jan 2010 16:56:57 +0000 Robert Davis http://itknowledgeexchange.techtarget.com/it-governance/?p=365 Concepts and procedures involved in the auditor’s study and evaluation of controls for manual systems are also applicable when processing is performed by IT. Commonly, a primary objective of the control study and evaluation is to determine the extent designed controls meet defined criteria; while a secondary objective of the control study and evaluation is to determine the extent that the auditor can rely on the examined configuration for restricting subsequent audit procedures and to plan those subsequent audit procedures deemed necessary.

Basic control system procedures are applicable to all IT that process datum. However, the IT auditor must be able to distinguish controls at a detail level in order to properly evaluate the appropriateness of application. Study of the defined control system is followed by evaluation of the corresponding control system to determine the extent that the IT auditor can rely on deployed controls in utilizing, or designing, subsequent audit procedures.

View Part I of the IT Audit Fieldwork: Generally Accepted Processes series here

]]> http://itknowledgeexchange.techtarget.com/it-governance/it-audit-fieldwork-generally-accepted-processes-part-v/feed/ 0