Chapter 8. Audit Management
This chapter looks at audit management and its resource allocation and prioritization in the planning and execution of assignments. The management of Information Systems (IS) audit quality through techniques such as peer reviews and best practice identification is explored. The human aspects of management in the forms of career development and career-path planning, performance assessment, counselling and feedback, as well as professional development through certifications, professional involvement, and training (both internal and external) are reviewed.
It is important to emphasize that computer audit is only one part of the total internal or external audit function. The IS Audit group’s responsibility is to provide support to the general audit side on computer-related aspects of their work, by providing adequate audit coverage of the organization’s information systems. Audit management must ensure that general and computer audit work complement each other, dovetailing together to provide adequate audit coverage for the enterprise.
Planning the IS Audit function involves defining the areas of audit involvement. These could be the review of:
Systems under development
IS facilities management
Security and recovery controls
Efficiency and effectiveness of IS
To review, appraise, and report on:
Soundness, adequacy, and application of controls
Compliance with established policies, plans, and procedures
Accounting for and safeguarding ...