GTAG 11 - Developing the IT Audit Plan

GTAG 11 - Developing the IT Audit Plan

Results from several IIA external quality assessment reviews reveal that developing an appropriate IT audit plan is one of the weakest links in internal audit activities. Many times, internal auditors simply review what they know or outsource to other companies, letting them decide what to audit.

To this end, Developing the IT Audit Plan can help CAEs and internal auditors:

• Understand the organization and how IT supports it.
• Define and understand the IT environment.
• Identify the role of risk assessments in determining the IT audit universe.
• Formalize the annual IT audit plan.

This GTAG also provides an example of a hypothetical organization to show how to execute the steps necessary to define the IT audit universe.