What is the scope of IT audit?  

well Radhe, An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. 1. The remit of the Department (for Internal Audit) or the contract (External Audit) in relation to other review and control functions (e.g. information security, risk management, legal)
2. Audit resources i.e. the number of IT auditors, other auditors and their managers, plus the breadth and depth of their experience in IT audit (e.g. in some departments, IT-skilled business auditors cover a lot of areas that would be left to IT auditors elsewhere)
3.Scope of the individual IT audit assignments
4.The audit plan for the period - usually documents the high-risk topics the auditors are likely to cover
5.State of relations with client functions. Whereas some departments refer to formal definitions, ‘audit friendly’ folk tend to be more chilled-out to the extent that auditors may even occasionally be called upon to perform conventional (internal) consultancy rôles.
Typically, however, the IT audit function covers the following areas:

6. Operational computer systems (servers, workstations), networks (LANs, WANs) and data
7.Computer systems under development and/or being tested or implemented
8. The IT Department whether central or distributed and their relationship with management, user departments, end-users, support/admin functions (e.g. Human Resources, Legal), customers, suppliers, partners, regulators etc.

Answered by Raksha at 8:32 AM on June 26, 2008

Internal audit provides objective input to the management and to the audit committee on the effectiveness of the organisation's risk management and internal control activities.
It has a wide job scope.

Answered by ayisha at 6:21 PM on June 01, 2008

An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. 1. The remit of the Department (for Internal Audit) or the contract (External Audit) in relation to other review and control functions (e.g. information security, risk management, legal)
2. Audit resources i.e. the number of IT auditors, other auditors and their managers, plus the breadth and depth of their experience in IT audit (e.g. in some departments, IT-skilled business auditors cover a lot of areas that would be left to IT auditors elsewhere)
3.Scope of the individual IT audit assignments
4.The audit plan for the period - usually documents the high-risk topics the auditors are likely to cover
5.State of relations with client functions. Whereas some departments refer to formal definitions, ‘audit friendly’ folk tend to be more chilled-out to the extent that auditors may even occasionally be called upon to perform conventional (internal) consultancy rôles.
Typically, however, the IT audit function covers the following areas:

6. Operational computer systems (servers, workstations), networks (LANs, WANs) and data
7.Computer systems under development and/or being tested or implemented
8. The IT Department whether central or distributed and their relationship with management, user departments, end-users, support/admin functions (e.g. Human Resources, Legal), customers, suppliers, partners, regulators etc.

Answered by Madhurima at 1:12 PM on May 31, 2008

well Radhe, An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. 1. The remit of the Department (for Internal Audit) or the contract (External Audit) in relation to other review and control functions (e.g. information security, risk management, legal)
2. Audit resources i.e. the number of IT auditors, other auditors and their managers, plus the breadth and depth of their experience in IT audit (e.g. in some departments, IT-skilled business auditors cover a lot of areas that would be left to IT auditors elsewhere)
3.Scope of the individual IT audit assignments
4.The audit plan for the period - usually documents the high-risk topics the auditors are likely to cover
5.State of relations with client functions. Whereas some departments refer to formal definitions, ‘audit friendly’ folk tend to be more chilled-out to the extent that auditors may even occasionally be called upon to perform conventional (internal) consultancy rôles.
Typically, however, the IT audit function covers the following areas:

6. Operational computer systems (servers, workstations), networks (LANs, WANs) and data
7.Computer systems under development and/or being tested or implemented
8. The IT Department whether central or distributed and their relationship with management, user departments, end-users, support/admin functions (e.g. Human Resources, Legal), customers, suppliers, partners, regulators etc.

Answered by Arti singh at 1:06 PM on May 29, 2008

well Radhe, An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. 1. The remit of the Department (for Internal Audit) or the contract (External Audit) in relation to other review and control functions (e.g. information security, risk management, legal)
2. Audit resources i.e. the number of IT auditors, other auditors and their managers, plus the breadth and depth of their experience in IT audit (e.g. in some departments, IT-skilled business auditors cover a lot of areas that would be left to IT auditors elsewhere)
3.Scope of the individual IT audit assignments
4.The audit plan for the period - usually documents the high-risk topics the auditors are likely to cover
5.State of relations with client functions. Whereas some departments refer to formal definitions, ‘audit friendly’ folk tend to be more chilled-out to the extent that auditors may even occasionally be called upon to perform conventional (internal) consultancy rôles.
Typically, however, the IT audit function covers the following areas:

6. Operational computer systems (servers, workstations), networks (LANs, WANs) and data
7.Computer systems under development and/or being tested or implemented
8. The IT Department whether central or distributed and their relationship with management, user departments, end-users, support/admin functions (e.g. Human Resources, Legal), customers, suppliers, partners, regulators etc.

Answered by Romi at 10:17 PM on May 28, 2008

The scope of a particular IT audit is normally defined by the scoping document produced near the start of the assignment – typically it relates to certain key risks of concern to management that centre around the computer and/or telecommunications systems.
The scope of an audit assignment is normally a balance between breadth and depth . Clever audit plans allow for a bit of both through mixing broadly-scoped high-level audits (designed to find the most important risk areas) with narrowly-scoped in-depth audits (to give those pesky high risk areas a thorough going-over), and clever audit managers allow staff to blow the budget on certain jobs that just deserve more time.
The scope of the IT Audit function is defined by a combination of factors, including:

1. The remit of the Department (for Internal Audit) or the contract (External Audit) in relation to other review and control functions (e.g. information security, risk management, legal)
2. Audit resources i.e. the number of IT auditors, other auditors and their managers, plus the breadth and depth of their experience in IT audit (e.g. in some departments, IT-skilled business auditors cover a lot of areas that would be left to IT auditors elsewhere)
3.Scope of the individual IT audit assignments
4.The audit plan for the period - usually documents the high-risk topics the auditors are likely to cover
5.State of relations with client functions. Whereas some departments refer to formal definitions, ‘audit friendly’ folk tend to be more chilled-out to the extent that auditors may even occasionally be called upon to perform conventional (internal) consultancy roles.

Answered by shaista at 5:25 PM on May 28, 2008

An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:

Will the organization's computer systems be available for the business at all times when required? (Availability)
Will the information in the systems be disclosed only to authorized users? (Confidentiality)
Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
The IT audit focuses on determining risks that are relevant to information assets, and in assessing controls in order to reduce or mitigate these risks.

Answered by Shobhit at 2:07 PM on May 28, 2008

Audit Scope refers to the activities covered by an internal audit. Audit scope includes, where appropriate:

* Audit objectives
* Nature and extent of auditing procedures performed
* Time period audited
* Related activities not audited in order to delineate the boundaries of the audit

Answered by Sudipta Deb at 11:27 AM on May 28, 2008

An IT audit should not be confused with a financial statement audit. While there may be some abstract similarities, a financial audit's primary purpose is to evaluate whether an organization is adhering to standard accounting practices. The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:

Will the organization's computer systems be available for the business at all times when required? (Availability)
Will the information in the systems be disclosed only to authorized users? (Confidentiality)
Will the information provided by the system always be accurate, reliable, and timely? (Integrity)
The IT audit focuses on determining risks that are relevant to information assets, and in assessing controls in order to reduce or mitigate these risks.

Answered by Hem@nt at 10:41 AM on May 28, 2008

well, The scope of the IT Audit function is defined by a combination of factors, including:

1. The remit of the Department (for Internal Audit) or the contract (External Audit) in relation to other review and control functions (e.g. information security, risk management, legal)
2. Audit resources i.e. the number of IT auditors, other auditors and their managers, plus the breadth and depth of their experience in IT audit (e.g. in some departments, IT-skilled business auditors cover a lot of areas that would be left to IT auditors elsewhere)
3.Scope of the individual IT audit assignments
4.The audit plan for the period - usually documents the high-risk topics the auditors are likely to cover
5.State of relations with client functions. Whereas some departments refer to formal definitions, ‘audit friendly’ folk tend to be more chilled-out to the extent that auditors may even occasionally be called upon to perform conventional (internal) consultancy rôles.
Typically, however, the IT audit function covers the following areas:

6. Operational computer systems (servers, workstations), networks (LANs, WANs) and data
7.Computer systems under development and/or being tested or implemented
8. The IT Department whether central or distributed and their relationship with management, user departments, end-users, support/admin functions (e.g. Human Resources, Legal), customers, suppliers, partners, regulators etc.

The scope of an audit assignment is normally a balance between breadth (i.e. the range of matters to be reviewed) and depth (i.e. the amount of detail reviewed in each matter). Clever audit plans allow for a bit of both through mixing broadly-scoped high-level audits (designed to find the most important risk areas) with narrowly-scoped in-depth audits (to give those pesky high risk areas a thorough going-over), and clever audit managers allow staff to blow the budget on certain jobs that just deserve more time..

Answered by Saurabh at 7:33 AM on May 28, 2008