| Audit Program | ||||||||||||||
| Checklist for Compliance With "The Standards" | ||||||||||||||
| Key Issues: | ||||||||||||||
| Develop and record work programs to achieve the objectives | ||||||||||||||
| Establish procedures for identifying, analyzing, evaluating, and recording information | ||||||||||||||
| Approved before work | ||||||||||||||
| Any adjustments approved promptly | ||||||||||||||
| Consulting audit programs may vary in form and content | ||||||||||||||
| Depends upon nature of the engagement | ||||||||||||||
| Checklist: | ||||||||||||||
| During planning, document in audit/work program | ||||||||||||||
| Procedures for collecting, analyzing, interpreting, and documenting information | ||||||||||||||
| Select in advance, testing and sampling techniques | ||||||||||||||
| Objectives of the engagement | ||||||||||||||
| Scope | ||||||||||||||
| Degree, nature and extent of testing required | ||||||||||||||
| Technical aspects, risks, processes, and transactions that should be examined | ||||||||||||||
| Determine and document reporting procedures | ||||||||||||||
| Determine period covered and estimated completion dates | ||||||||||||||
| Consulting engagement audit programs | ||||||||||||||
| May vary in form and content depending upon nature of engagement | ||||||||||||||
| Document terms, understandings, deliverables, and other key factors | ||||||||||||||
| Understanding about the objectives | ||||||||||||||
| Scope of work to ensure | ||||||||||||||
| Professionalism | ||||||||||||||
| Integrity | ||||||||||||||
| Credibility | ||||||||||||||
| Reputation | ||||||||||||||
| Design objectives to meet the needs of management | ||||||||||||||
| Document | ||||||||||||||
| Objectives | ||||||||||||||
| Scope | ||||||||||||||
| Methodology to be used in satisfying the objectives | ||||||||||||||
| Format for communicating the results | ||||||||||||||
| Monitor the results as agreed upon with the client | ||||||||||||||
| Applicable Standards: | ||||||||||||||
| IIA International Standards for the Professional Practice of Internal Auditing, #2200 | ||||||||||||||
| Other Resources/References: | ||||||||||||||
| Audit Program - Developing | ||||||||||||||
| Audit Program Requirements - GAGAS | ||||||||||||||
| Audit Programs - IT | ||||||||||||||
| Business Organization - Operational Integrity, Risk Assessment, Policies & Procedures, Business Continuance Plan & Disaster Recovery, Data Integrity | ||||||||||||||
| Connected Organization - Building, Maintaining, Using & Administering Networks | ||||||||||||||
| Logical Organization - Network Protocols and Layers, Operating Systems & Application Access | ||||||||||||||
| Managed Organization - Testing, Management, Alert Procedures, Log Analysis, Reporting, Documentation | ||||||||||||||
| Physical Organization - Cabling Technologies, Topologies, Network Devices, Network Technologies/Architectures | ||||||||||||||
| Secure Organization - Legislation, Security Architecture, Physical Security, Logical Security, Security Policy | ||||||||||||||
| Additional Resources available to YourIAM subscribers (OSHA Controls Evaluation, Healthcare, etc.) | ||||||||||||||