Book Chapter

Preparing for auditors: Checklists for before, during and after an IT audit

In this excerpt from Chapter 2, Audit and Review: Its Role in Information Technology, from Information Technology Control and Audit, Second Edition, author Frederick Gallegos offers IT managers checklists to assist in the preparation of an IT audit.

"If you build it, they will come" has been a familiar phrase used in reference to the coming of the auditor. An IT manager has a right to receive a quality audit. However, managers can do much to ensure that they receive such a review by asking the questions and making the preparations given below.

Preaudit checklist:

  1. Who are members of the audit team, and what are their roles and assignments?
  2. What are the credentials and experience of the assigned audit team?
  3. What orientation or training can you provide them to be comfortable within the environment?
  4. Communicate with your managers and staff in the areas to be audited.
  5. If an area was audited before, review the prior report to see the issues raised and recommendations made. Get an update of corrections or changes made as a result of prior audit work and give your staff and the audit department credit.

Audit checklist:

  1. Purpose of the audit?
  2. Scope and objectives?
  3. Who are the audit staff assigned? (Ask to be notified if any staff are changed.)
  4. Timeframe for work to be performed?
  5. Use of computer time/access to system/logs/training needed.
  6. Access to IT management and staff?
  7. Communicate (1) and (2) to all IT staff affected.
  8. Set weekly or biweekly meetings with audit manager/audit team to discuss audit progress and issues.
  9. Before the audit is finished, request close-out conference from audit group.
  10. Request a copy of audit report.

Post-audit checklist:

  1. When the audit report is issued, pull your team together and discuss the report; if you follow the steps above there should be no surprises. If there are, there was a communication breakdown somewhere.
  2. If you disagree with the report or portions of the report, do so in writing with supporting evidence. Remember, the auditor has supporting evidence for their reports, and this exists in their working papers. For those areas where you agree, indicate what corrective actions your team plans to take.
  3. Have your team provide a status report to you on a 3- to 6-month cycle with a copy to go to Internal Audit. This shows you value their work.

This was first published in June 2006
