This GTAG is provided as a service to members of The IIA.
Learn more about the value of an IIA Membership.
Due to the high degree of organizational reliance on IT, it is crucial that chief audit executives (CAEs) understand how to create an IT audit plan as well as determine the frequency of audits and the breadth and depth of each audit. However, results from severalInstitute of Internal Auditors’ (IIA) external QA reviews reveal that developing an appropriate IT audit plan is one of the weakest links in internal audit activities. Many times, internal auditors simply review what they know or outsource to other companies letting them decide what to audit.
To this end, Developing the IT Audit Plan can help CAEs and internal auditors:
- Understand the organization and how IT supports it.
- Define and understand the IT environment.
- Identify the role of risk assessments in determining the IT audit universe.
- Formalize the annual IT audit plan.
This GTAG also provides an example of a hypothetical organization to show CAEs and internal auditors how to execute the steps necessary to define the IT audit universe. This document is also available in paperback format.
Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. The GTAG series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.