It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
In this chapter we learned that
-
The real mission of the internal audit department is to help improve the state of internal controls at the company.
-
Internal auditors are not truly independent, but they should be objective.
-
It is important to find ways to accomplish the department's mission outside formal audits. Early involvement, informal audits, knowledge sharing, and self-assessments are four important tools in this regard.
-
Building and maintaining good relationships with the IT organization are critical elements of the IT audit team's success.
-
The most effective IT audit teams ensure that every layer of the stack is covered, not just the application layer.
-
Successful IT audit teams generally will consist of a combination of career auditors and IT professionals.
-
It is critical to develop methods for maintaining the technical expertise of the IT audit team.
-
A healthy relationship should be developed with external IT auditors.
| Note | If you'ue interested in more information on the overall management of the audit function, an excellent resource is 'Managing the Audit Function: A Corporate Audit Department Procedures Guide' by Michael P. Cangemi and Tommie Singleton. |