GTAG 4: Management of IT Auditing - The Institute of Internal Auditors

GTAG 4 Cover Guide 4: Management of IT Auditing
Management of IT Auditing - the fourth guide in the Global Technology Audit Guide (GTAG^®). There is no question that IT is changing the nature of the internal audit functions. The risks companies face, the types of audits that should be performed, how to prioritize the audit universe, and how to deliver insightful findings are all issues with which chief audit executive (CAE) must grapple. This guide is designed for CAE and internal audit management personnel who are responsible for overseeing IT audits. The purpose is to help sort through the strategic issues regarding planning, performing, and reporting on IT audits. Consideration will be given to the fundamentals as well as emerging issues. It covers how to:

Define IT - What areas should be considered for inclusion in an IT audit plan? The CAE should be able to measure his or her planned IT audit scope against the guidelines presented here to help ensure that the scope of IT audit procedures is adequate.

Evaluate IT-related Risk - It is clear that the evolution of IT introduces new risks into an organization. This guide will help the CAE understand how to best identify and quantify these IT-related risks. Doing so will help ensure that IT audit procedures and resources are focused on the areas that represent the most risk to the organization.

Define the IT Audit Universe - IT audit resources are typically scarce, and IT audit demands are substantial. A section on defining the IT audit universe will help the CAE understand how to build an IT audit plan that effectively balances IT audit needs with resource constraints.

Execute IT Audits - The proliferation and complexity of IT dictates the need for new IT audit procedures. Auditing by checklist or by inquiry is likely to be insufficient. This book offers specific guidance for the CAE on how to execute IT audit procedures and how to understand what standards and frameworks exist in the marketplace that can support required procedures.

Manage the IT Audit Function - Managing the IT audit function may require new management techniques and procedures. This guide provides helpful hints and techniques for maximizing the effectiveness of the IT audit function and managing IT audit resources.

Emerging Issues - IT evolves rapidly. This evolution can introduce significant new risks into an organization. The world class CAE focuses IT audit attention on not just the basic building blocks of IT, but also new and emerging technologies. A section on emerging issues will provide specific information on a number of emerging technologies, evaluate the risks that these technologies pose to an organization, and provide recommendations for how the CAE should respond to these risks.

The focus of this guide is on providing pragmatic information in plain English, with specific recommendations that a CAE can implement immediately. Further consideration is given to providing questions that a CAE can ask to help understand if his or her IT audit function is a high performer.

Author: Michael Juergens, Principal, Deloitte & Touche LLP

Contributing Author: David Maberry, Senior Manager, Deloitte & Touche LLP

Download GTAG 4: Management of IT Auditing (PDF, 377KB)
Purchase the printed version.

Download GTAG 4 PowerPoint slides (PPT, 405KB)

Download form for permission to translate to another language (Word, 95KB)

Quick Search Advanced Search Site Map IIA Popular Pages CIA Exam Content CFSA Individual Memberships Code of Ethics Information Technology		Home / Professional Guidance / Information Technology / GTAG / GTAG4 Guide 4: Management of IT Auditing Management of IT Auditing - the fourth guide in the Global Technology Audit Guide (GTAG^®). There is no question that IT is changing the nature of the internal audit functions. The risks companies face, the types of audits that should be performed, how to prioritize the audit universe, and how to deliver insightful findings are all issues with which chief audit executive (CAE) must grapple. This guide is designed for CAE and internal audit management personnel who are responsible for overseeing IT audits. The purpose is to help sort through the strategic issues regarding planning, performing, and reporting on IT audits. Consideration will be given to the fundamentals as well as emerging issues. It covers how to: Define IT - What areas should be considered for inclusion in an IT audit plan? The CAE should be able to measure his or her planned IT audit scope against the guidelines presented here to help ensure that the scope of IT audit procedures is adequate. Evaluate IT-related Risk - It is clear that the evolution of IT introduces new risks into an organization. This guide will help the CAE understand how to best identify and quantify these IT-related risks. Doing so will help ensure that IT audit procedures and resources are focused on the areas that represent the most risk to the organization. Define the IT Audit Universe - IT audit resources are typically scarce, and IT audit demands are substantial. A section on defining the IT audit universe will help the CAE understand how to build an IT audit plan that effectively balances IT audit needs with resource constraints. Execute IT Audits - The proliferation and complexity of IT dictates the need for new IT audit procedures. Auditing by checklist or by inquiry is likely to be insufficient. This book offers specific guidance for the CAE on how to execute IT audit procedures and how to understand what standards and frameworks exist in the marketplace that can support required procedures. Manage the IT Audit Function - Managing the IT audit function may require new management techniques and procedures. This guide provides helpful hints and techniques for maximizing the effectiveness of the IT audit function and managing IT audit resources. Emerging Issues - IT evolves rapidly. This evolution can introduce significant new risks into an organization. The world class CAE focuses IT audit attention on not just the basic building blocks of IT, but also new and emerging technologies. A section on emerging issues will provide specific information on a number of emerging technologies, evaluate the risks that these technologies pose to an organization, and provide recommendations for how the CAE should respond to these risks. The focus of this guide is on providing pragmatic information in plain English, with specific recommendations that a CAE can implement immediately. Further consideration is given to providing questions that a CAE can ask to help understand if his or her IT audit function is a high performer. Author: Michael Juergens, Principal, Deloitte & Touche LLP Contributing Author: David Maberry, Senior Manager, Deloitte & Touche LLP Download GTAG 4: Management of IT Auditing (PDF, 377KB) Purchase the printed version. Download GTAG 4 PowerPoint slides (PPT, 405KB) Download form for permission to translate to another language (Word, 95KB)		Global Technology Audit Guides (GTAG^®) Guide 1 Guide 2 Guide 3 Guide 4 Guide 5 Guide 6 Guide 7 Guide 8 Guide 9 IT Resources Review some of the latest IT Resources available for IT auditing. GAIT Project Learn more about the ongoing IT auditing guidance project known as the Guide to the Assessment of ITGeneral Controls Scope Based on Risk (GAIT). Information Technology