Summary
In this chapter, you learned to establish an IT Audit management program to mitigate information technology risks. The scope of an IT Audit plan includes testing general computer controls, as well as application controls. IT Audit approach requires an assessment of the controls framework adopted by the IT organization. In addition, we have provided instruction to set up IT and Application controls using Oracle GRC Control Suite, which can be deployed to improve your overall control environment.
IT Audit plan starts by reviewing the control documentation that defines the IT standards, organization structure, budgets, policies, and procedures. IT auditors evaluate controls in many different ways, including manual control testing, assessment of periodic end-user surveys, and effectiveness of monitoring controls. Oracle GRC Manager can be used to manage the IT Audit plan.
Organization can improve the overall control environment by automating IT general controls and application controls...
