Planning of IT Audit

There are many ways to plan for the IT audit:-

1. ISACA IS Auditing Standard on Planning. There is also an IS Auditing Guidelines on Use of Risk Assessment in Audit Planning
2. Global Technology Audit Guide (GTAG), Guide 4: Management of IT Auditing
3. FFIEC IT Examination Handbook section on Audit.
4. COBIT can also be used for planing an IT audit. One of the example is aailable at this site:-

• Dexia Bil Group

Whatever way, the most important things are:-

• to understand how IT support the business
• what are the IT risks that could occur
• what is the impact and the likelihood of the IT risks
• to ensure that all the high risk IT activities are covered, if not all then majority of the highest risk (priority should be gien to the highest risk)