Essay about Process Control and Audit Guidelines


Level 1: General IT audit approach
• COBIT Framework
• Audit Process Requirements
• Control Observations
• Generic Audit Guideline

Level 2: Process audit guidelines
• Detailed Audit Guidelines

Level 3: Audit attention points to complement detailed control objectives
• Local Conditions: sector-specific criteria, industry standards, platform-specific elements, detailed control techniques used


Having defined what we are going to audit and provide assurance on, we have to determine the best approach or strategy for carrying out our audit work. First we need to identify the correct scope of our audit. To achieve this we should investigate, evaluate and determine:
• the business processes concerned
• the platforms and information systems which are supporting the business process, as well as interconnectivity with other platforms or systems
• the IT roles and responsibilities defined, including what has been in- or out-sourced
• associated business risks and strategic choices

The next step is to identify the information requirements which are of particular relevance with respect to the business processes. After that we will need to identify the inherent IT risks and overall level of control which may be associated with the business process. To do this we identify:
• the latest changes in the business environment having an IT impact
• recent changes to the IT environment, new developments, and so forth
• recent incidents relevant to the controls and business environment
• IT monitoring controls applied by management
• recent audit and certification information
• latest results of self-assessments




On the basis of the knowledge obtained, we can now select the relevant COBIT processes as well as the resources that apply to them. This may require that certain COBIT processes be audited several times, each time for a different platform or system. One should determine an audit strategy on the basis of which the detailed audit plan should be further elaborated, e.g., whether one is taking a controls-based approach or a substantive approach. Finally, all of the steps, tasks and decision points needed to conduct the audit have to be considered. An example of a generic audit process (with steps, tasks and decision points), following the standard template, is provided in Appendix V.


• define audit scope
  - business process concerned
  - platforms, systems and their interconnectivity, supporting the process
  - roles, responsibilities and organizational structure

• identify information requirements relevant for the business process
  - relevance to the business process

• identify inherent IT risks and overall level of control
  - recent changes and incidents in business and technology environment
  - results of audits, self-assessments and certification
  - monitoring controls applied by management

• select processes and platforms to audit
  - processes
  - resources

• set audit strategy
  - controls x risk
  - steps and tasks
  - decision points


The template on page 25 (also provided as a foldout at the end of this document) presents the generic requirements for auditing IT processes, to provide the first level of audit guidelines, generally applicable to all processes. It is mainly oriented toward process understanding and determining ownership, and should be the foundation and reference framework for all detailed audit guidelines. A similar template can now be applied to the 34 processes identified in the COBIT Framework.


The general concepts of control can also provide additional insight on how to further complement the Audit Guidelines. These concepts are primarily focused on process and control responsibilities, control standards and control information flows. Control, from a management point-of-view, is defined as deciding what...