Chapter 8. Audit Management

This chapter looks at audit management and its resource allocation and prioritization in the planning and execution of assignments. The management of Information Systems (IS) audit quality through techniques such as peer reviews and best practice identification is explored. The human aspects of management in the forms of career development and career-path planning, performance assessment, counselling and feedback, as well as professional development through certifications, professional involvement, and training (both internal and external) are reviewed.

Planning

It is important to emphasize that computer audit is only one part of the total internal or external audit function. The IS Audit group’s responsibility is to provide support to the general audit side on computer-related aspects of their work, by providing adequate audit coverage of the organization’s information systems. Audit management must ensure that general and computer audit work complement each other, dovetailing together to provide adequate audit coverage for the enterprise.

Planning the IS Audit function involves defining the areas of audit involvement. These could be the review of:

  • Business systems

  • Systems under development

  • IS facilities management

  • Security and recovery controls

  • Efficiency and effectiveness of IS

Audit Mission

To review, appraise, and report on:

  • Soundness, adequacy, and application of controls

  • Compliance with established policies, plans, and procedures

  • Accounting for and safeguarding ...

Get Auditor’s Guide to Information Systems Auditing now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.