IT Audit Planning

Questions and Answers

What is the purpose of establishing short-term and long-term audit schedules in an IT audit function?

• To increase the workload of the IT audit function.
• To ensure appropriate attention is given to the audit function responsibilities as per the audit charter. (correct)
• To limit the understanding of enterprise mission and objectives.
• To reduce the involvement of the audit committee.

What should an IT auditor do to effectively develop long- and short-term audit schedules?

• Identify and understand recent changes in the enterprise business environment. (correct)
• Focus exclusively on short-term schedules to avoid long-term planning.
• Avoid performing a risk assessment of areas subject to audit within the audit universe.
• Disregard enterprise mission, objectives, and processes.

Why is a risk assessment important for an IT auditor in developing long- and short-term audit schedules?

• To avoid understanding the enterprise mission and objectives.
• To escalate the workload of the IT audit function.
• To identify risk and threats to an IT environment and IT system. (correct)
• To limit the involvement of the audit committee.

Who should short-term and long-term audit schedules be agreed on with?

Those charged with governance and oversight (e.g., audit committee). (D)

What assists an IT auditor in selecting certain areas to examine and in evaluating IT controls?

Risk assessment methodologies (B)

What is the purpose of the audit universe?

To identify areas for audit during the planning process (A)

How is the structure of the audit universe driven?

By the enterprise's risk profile (D)

What does the risk assessment assist in creating?

Audit schedule (B)

What should an IT auditor consider when ranking elements of the audit universe?

The level of complexity and detail appropriate for the enterprise (B)

What drives the structure of the audit universe?

Enterprise business processes (A)