Chapter 7. Audit Planning Process

This chapter examines the Audit Planning Process at both a strategic and tactical level. The use of risk-based auditing and risk assessment methods and standards are covered. The preliminary evaluation of internal controls via the appropriate information gathering and control evaluation techniques as a fundamental component of the audit plan and the design of the audit plan to achieve a variety of audit scopes is detailed.

Benefits of an Audit Plan

Planning is fundamental to successful auditing. Bad planning typically results in a failure to achieve the audit objectives as well as the conducting of audits being either insufficient in scope with unidentified risks resulting in incomplete audits, or alternatively over-auditing and making inefficient use of resources.

One of the more common mistakes made by Information Technology (IT) auditors is proceeding to implementation of the audit without having a clearly thought-out plan.

Planning is one of the most fundamental management techniques and yet one of the most badly executed techniques. In order for an audit to be effective it must, by definition, achieve its objectives. It is critical that the auditor fully understand these objectives before the audit commences. A structured, well-documented audit plan identifies and establishes the criteria against which a successful audit will be measured. The planning process involves:

  • Identifying the tasks to be performed in the course of an audit

  • Allocation of ...

Get Auditor’s Guide to Information Systems Auditing now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.