IT Audit process (Reporting)

Question 1

What is reporting?

Answer 1

It’s a document outcome of an audit

Question 2

When should you implement a Management Action Plan (MAP) or a Corrective Action Plan?

Answer 2

Once a recommendation is sent to auditee, come back with an action plan on how to correct each control gap.

Question 3

Follow up

Answer 3

Checking whether the audit findings have been corrected.

*Read MAP documented by client to determine if they address/correct audit findings.

Question 4

What is RIA?

Answer 4

It’s a recommendation requiring immediate attention with in 3 days.

Question 5

What is RPA?

Answer 5

It’s a recommendation requiring priority action between 60 days and 3 years.

Question 6

Audit Objective

Answer 6

What is the audit all about?

Question 7

Audit Scope

Answer 7

What exactly are we checking? (In Scope or out of scope)

Question 8

Planning

Answer 8

• Logistics (flight ticket, hotel, rental car)
• Meeting invitation
• Desk for 3 people
• Vacation planned
• Kickoff meeting invite
• Create audit program (set of questions we ask during the audit)
• Engagement letter

Question 9

Engagement letter

Answer 9

To be sent by audit management - Audit manager or director

Question 10

Kickoff meeting

Answer 10

First meeting with the client or IT Audit department

Question 11

Fieldwork

Answer 11

• Actual audit
• Testing
• Interview
• Status meetings

Question 12

Audit report

Answer 12

• Audit objective
• Scope,
• Background,
• Our opinion,
• Issues identified.

Question 13

Follow-up

Answer 13

Going to check later if they have implemented the solution