Objectives An examination of the management controls within an information technology infrastructure of the client. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the client firm’s organizations goals and objectives. These reviews may be performed either independently or in conjunction with a financial statement audit, internal audit or other form of attestation engagement. Methodology
- Audit planning.
- Risk assessment and business process analysis.
- Audit strategy (Risk based information systems audit approach).
- Performance of audit work.
- Control Objectives for information and related technology (COBIT).
- Application control review.
- Use of Computer Aided Audit Techniques (CAATs) in the performance of an IS audit.
- Audit closure meeting.
- Information systems audit report