IT审计模版.docx-资料库

itenjus-10658454-4744302543309120120.docx.pdf-第1页.png

第1页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第2页.png

第2页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第3页.png

第3页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第4页.png

第4页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第5页.png

第5页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第6页.png

第6页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第7页.png

第7页 / 共12页

itenjus-10658454-4744302543309120120.docx.pdf-第8页.png

第8页 / 共12页

IS Audit Report Template The template that begins on page 2 of this document is to be used in developing an IS audit report. Several factors impact the content and length of the report, such as:  Type of audit Complexity of entity operations and systems   Number of audit objectives and audit findings  Different readership categories  Details needed to make the content understandable  Disclosures  Required supplemental information For example, reports that are made available to the public are likely to contain more explanatory material than internal audit reports that are submitted solely to auditee management within an organisation. NOTES: 1. This template includes recommended standard language and identifies areas where audit- specific information should be included. For additional guidance, see the section on audit report content. 2. The text in green/italics format indicates template instructions that should be replaced with relevant text. © 2015 ISACA All rights reserved. 1

INDEPENDENT AUDITOR’S REPORT [Insert name of the audit organisation] [Insert name of the auditee organisation] [Insert start date to end date of the audit period covered by the audit] © 2015 ISACA All rights reserved. 2

[Insert date of audit report issuance] [Insert name of auditee organisation] [Insert address and country of auditee organisation] We are presenting the results of our IT audit [insert audit title] covering the period of [insert start date to end date of the audit period]. The report includes our conclusions and/or opinion regarding the [insert abbreviated statement of scope] and [summarised statement of audit objective(s)]. The audit was conducted in accordance with the IS Audit and Assurance Standards and IS Audit and Assurance Guidelines issued by ISACA and [insert any additional auditing standards relevant to the audit]. We believe that the evidence obtained provides a reasonable basis for our conclusions and findings regarding the audit objectives. [Insert signature of chief auditor or signed name of the audit organisation including location] © 2015 ISACA All rights reserved. 3

TABLE OF CONTENTS Section Page Introduction...................................................................................................... Executive Summary........................................................................................... Audit Scope....................................................................................................... Audit Objectives................................................................................................ Methodology..................................................................................................... Audit Results or Audit Findings......................................................................... 1....[Name of audit area for finding number]............................................ 2....[Name of audit area for finding number]............................................ 3....[Name of audit area for finding number]............................................ Audit Conclusions (or Opinion)......................................................................... Appendices (by example).................................................................................. © 2015 ISACA All rights reserved. 4

INTRODUCTION [An introduction typically includes the following details:] Description of the business [Typically includes a high-level description of the business organisation, which includes its mission, primary business objectives, customer/client base, and location (worldwide provider of X headquartered in Y).] High-level description of the applicable IT infrastructure [Typically includes a high-level description of the IT infrastructure applicable to the audit.] High-level statement of purpose [Typically includes a high-level statement of the purpose of the audit to support the understanding of external readers of the report. For example, for a general controls audit you can state “Our audit focused on an examination of certain IT general controls over and within the [insert name of auditee entity] business operations and/or IT environment.] IT area that is the subject of the audit [Identify the IT area (function, system, project or other) that is the subject of the audit).] © 2015 ISACA All rights reserved. 5

AUDIT SCOPE In accordance with [insert source of audit authority, such as audit charter, law or contract agreement], we performed an audit of [insert primary topic area of audit scope] at the [insert name of auditee organisation], for the period of [insert start date to end date of the audit period covered by the audit]. The scope of our audit consisted of an evaluation of [insert IS audit area, such as function, system, IS or business project]. The audit was conducted in accordance with the IS Audit and Assurance Standards and IS Audit and Assurance Guidelines issued by ISACA [insert other applicable standards and guidelines]. Those standards require that the audit be planned and performed to obtain sufficient, relevant and valid evidence to provide a reasonable basis for the conclusions, opinions and audit findings (if any). [If the auditee is likely to expect reviews or examinations that are not included under the scope of the engagement, the audit scope section should identify the limitations. An example is, ‘Our scope was limited to an examination of controls regarding physical security and disaster recovery testing’.] © 2015 ISACA All rights reserved. 7

AUDIT OBJECTIVES Our audit objective was to determine whether adequate controls were in place and in effect to provide reasonable assurance that [insert statement of what is to be attained through the use of controls]. [For example, ‘Our audit objective was to determine whether adequate controls were in place and in effect to provide reasonable assurance that only authorised users could access the (insert name of IS system)’.]. [Because this section may include more than one audit objective, objectives should be presented in a logical order in terms of importance and whether more-specific objectives come under overarching audit objectives. For internal control examinations and performance audits, statements of audit objectives should be directly tied to the related control or operational objectives. In addition, audit objectives should use language such as ‘To determine whether, to assess or to evaluate’ and not use language such as ‘The purpose of the audit is to ensure that adequate controls . . .’ because that is auditee responsibility.] [If it is an internal control examination, include a statement that professionals have conducted the audit engagement to express an opinion on the effectiveness of control procedures.] [The maintenance of an effective internal control structure, including control procedures for the area of activity, is the responsibility of management.] © 2015 ISACA All rights reserved. 8

资料库

IT审计模版.docx

相关推荐

信息化

热门标签

最新资料