THIS CHAPTER LOOKS at audit management and its resource allocation and prioritization in the planning and execution of assignments. The management of Information Technology (IT) audit quality through techniques such as peer reviews and best practice identification is explored. The human aspects of management in the forms of career development and career-path planning, performance assessment, counseling and feedback, as well as professional development through certifications, professional involvement, and training (both internal and external) are reviewed.
It is important to emphasize that computer auditing is only one part of the total internal or external audit function. The IT audit group’s responsibility is to provide support to the general audit side on computer-related aspects of their work, by providing adequate audit coverage of the organization’s information systems. Audit management must ensure that general and computer audit work complement each other, dovetailing together to provide adequate audit coverage for the enterprise.
Planning the IT audit function involves defining the areas of audit involvement. These could be the review of:
- Business systems
- Systems under development
- IT facilities management
- Security and recovery controls
- Efficiency and effectiveness of IT
To review, appraise, and report on:
- Soundness, adequacy, and application of controls
- Compliance with established policies, plans, and procedures