Audit plan. An individual audit plan needs to drawn up from which the Ghantt chart can be developed. It is vital that a uniform reference system is developed that is the same for all audits. These references must be used in the audit plan and also used as the suffix to references in the audit working papers. This will facilitate cross referencing of the plan to the working paper as thus enabling the auditor to validate that each section of the plan has been fully addressed. The audit plan should be developed in terms of the APM and should be discussed in detail with the client prior to implementation. It may be valuable for the client to sign off the audit plan after the discussion indicating his/her concurrence with the plan.

Audit Program. The audit program is the document from which the Ghantt chart is developed. This consists of each of the activities and sub activities that will be completed in performing the audit.

Audit Planning Memorandum (APM). This provides a document for discussion and agreement between the client and the service provider. Once the service provider is satisfied with the APM then he/she signs his/her acceptance of the APM. This forms the basis of the contact for the audit.   Each audit differs from the other, therefore it is vital to develop an audit plan (see audit plan) concurrently with the APM, thus providing input from the plan into the APM. Changes to the APM scope will impact of the duration of the audit and thus must be updated in the audit plan and the resultant adjustment in audit period should be reflected back into the APM. This in turn will adjust the costing of the audit.

Ghantt chart. Audits do not necessarily run sequentially. There are times when two or more processes can be running at the same time. A Ghantt chart will enable the auditor to plan accordingly. It will also act as a measure against which he/she can measure his progress in terms of his original plan.

Working Papers. There are a variety of working papers. These will be discussed under that heading.

Audit Reports. These are entirely dependent on the nature and duration of the audit. As a minimum it is suggested that at least two reports are generated for every audit these are an executive overview that is written in language that is understandable by the business, and a detailed report that is focused on the IT staff to facilitate them addressing the control gaps that may exist in their system. However on a large project the client may also wish for interim reports, on a SDLC audit the client may require an audit report as each section of the SDLC is completed and signed off.

Information Request Form

Select the items that apply, and then let us know how to contact you.

  Send service literature
  Please could workshop individual IT Audit Documentation Summary.
  Please contact me