IT Governance, Risk, and Compliance » Information Criteria http://itknowledgeexchange.techtarget.com/it-governance Mon, 20 May 2013 00:56:50 +0000 en-US hourly 1 IT Audit Reporting: Communicating Results – Part VIII http://itknowledgeexchange.techtarget.com/it-governance/it-audit-reporting-communicating-results-part-viii/ http://itknowledgeexchange.techtarget.com/it-governance/it-audit-reporting-communicating-results-part-viii/#comments Mon, 08 Mar 2010 21:40:59 +0000 Robert Davis http://itknowledgeexchange.techtarget.com/it-governance/?p=410 IT auditors, like all auditors, are responsible for ‘communicating results to interested individuals.’ Interested individuals can include other members of the audit team, who must integrate the IT auditor’s findings with other aspects of the audit, as well as the client. Commonly, the audit purpose for reporting results is providing constructive feedback to management. However, in many cases, management personnel reviewing the audit report are not completely knowledgeable of the audit area’s IT services and associated terminology. For this reason, IT audit reports should be written to accommodate the lowest expected expertise level. Where readability risk is marginalized, IT audit reports will typically be readily received when they create managerial awareness regarding generally accepted information criteria (effectiveness, efficiency, confidentiality, integrity, availability, reliability and/or compliance) and induce corrective actions for detected control system weaknesses.

View Part I of the IT Audit Reporting: Communicating Results series here

]]> http://itknowledgeexchange.techtarget.com/it-governance/it-audit-reporting-communicating-results-part-viii/feed/ 0