The basic instrument used in the audit process is an Audit Terms of Reference (AToR). In current practice, we face problems in developing AToRs, namely that each IT auditor has his or her own way of developing them. The AToR so developed consists of ...
a mix of detailed and general rules concerning the control measures to be assessed. The selection of these controls is not supported by any method. The topics to which the detailed and general rules are related do not always show clear relationships. Furthermore, each criterion within the AToR is formulated differently. This way of working has been classified as a 'Rule based' approach. The absence of a method or a systematic IT audit approach may have consequences for the results of an audit. Lack of coherence and profundity of criteria within the AToR, or an incorrect scope and delineation of an IT object to be audited may lead to deficiencies in an AToR and may cause 'IT audit risks'. An unstructured AToR may lead to an inappropriate audit opinion. This study provides a solution to this problem. It is a 'Principle based' approach. This approach is based on a conceptual framework, which consists of three components: Structure, Content and Form. The component 'Structure' refers to a multi-layer structure and is based on a general system pattern. The component 'Content' refers to a pattern of concepts and is based on a multi view approach (ie: Means-End view). Audit principles can be formulated based on these concepts. The component 'Form' refers to a semi-formal grammar for defining principles consistently. The framework has been developed based on pre-defined criteria that have been grouped and related to the components Structure, Content and Form. These criteria help in grounding these components and hence this approach. The framework makes it possible to assign a specific type of audit principle to a specific layer of the structure and provides guidance in selecting and formulating audit principles. Therefore, we would advise you to study this approach and use it in practice.
Number of pages: 512
Date of publication: 26/01/2011
- ISCRIVITI AD ANOBII -
Ti piace Structured Approach to IT Auditing? Iscriviti ad aNobii per vedere chi dei tuoi amici lo ha letto, e scopri libri simili!