Audit Program - ITA
Audit Program - ITA
Audit Program - ITA
Auditee:
Purpose
The purpose of this working paper is to provide guidance to the IT Auditor in performing the Audit Engagement and it cove
responsibilities, gathering evidence, documenting work performed and formulating findings and conclusions.
Period-end:
rforming the Audit Engagement and it covers performing an audit engagement, roles and
ing findings and conclusions.
Guidance
Guidance Note 1 -ISACA Standards and Guidelines 2203, Section 2.1.1
Audit Component: The IT Auditor should be able to identify auditable areas (audit
component) during the risk assessment of the entity and it's environment.
Guidance Note 4 -ISACA Standards and Guidelines 2203, Section 2.4.1, 2.4.2, 2.4.3 and
Based on your assessment of risk, the IT Auditor
should obtain evidence that is sufficient and appropriate to form an opinion or support
the conclusions and achieve the audit objectives. The IT Auditor can use a
combination of auditing methods for Test of Controls and or substantive testing.
Should deviations from expectations be identified, professionals should ask
management about the reasons for the difference. If management's explanation be
adequate, according to professional judgement, professionals should modify their
expectations and re-analyse the evidence and information.
Guidance Note 5 -ISACA Standards and Guidelines 2203, Section 2.4.4, 2.4.5, 2.4.6 an
Result of Tests/ Findings:
The IT auditor should consider the
source and nature of evidence obtained to evaluate its reliability and the need for
further verification. Appropriate analysis and interpretation should be performed by
professionals to support the audit findings and form conclusions. Significant
deviations from expectations should result in findings and be communicated to
Guidance Note 6 -ISACA Standards and Guidelines 2203, Section 2.5.1, 2.6.1-4
Conclusion/ Management Letter Point (MLP):
The IT Auditor must prepare
sufficient, appropriate and relevant documentation to cover the whole process. Based
on the above, conclusions and recommendations should be recorded here.
This is the information to be given to the financial or other auditor as per terms of
reference in the IT Discussion document.
Guidance Notes
1
Back to workpaper
1, 2.6.1-4
3
Back to Work Paper
Auditee: Reviewed by:
Period end: Level 1
Prepared by: Level 2
Rank: Level 3
Date:
Audit Component
Name Rank