KnowledgeLeader provides best practice articles, tools, guides and other resources on internal audit. This page contains some examples of the many resources and templates on information technology (IT) audit that are available for download. For more tools and publications on this subject, visit our IT Audit topic area.
Information Technology (IT) Infrastructure Questionnaire
This tool helps auditors gather information to better understand the IT infrastructure of a company.
Technology Change Management (TCM) Audit Principles Guide
This document outlines guiding principles that should be applied to technology change management (TCM) audits. It also includes answers to ‘whys’ and ‘how’s’ under each principle.
IT Risk Assessment Audit Report
This report outlines findings from a high-level IT risk assessment at a company.
IT Due Diligence Questionnaire
This sample questionnaire evaluates IT management, personnel, contractors, networks, operating systems, applications, change management, data, disaster recovery, operations, third-party services, laptops/workstations, security, and spreadsheets.
IT Risks and Controls Review Report
The objective of this audit report is to reduce the volume of controls across applications, infrastructure and IT processes in order to improve consistency and focus on key risks.
IT Organization Audit Work Program
This document outlines steps to perform an IT organization audit.
Internal Audit Risk Assessment Questionnaire
Internal audit performs a risk assessment to identify and prioritize key risks to best allocate the internal audit resources for the next year. This risk-based approach is focused on surveys/interviews of a cross-section of management personnel to solicit input from the potential customers of an internal audit function.
2018 IT Audit Benchmarking Survey
The results of the latest global IT Audit Benchmarking Study from ISACA and Protiviti paint a vivid picture of the ways IT audit leaders and professionals are succeeding, as well as where they need to “step up their games,” especially given the omnipresent nature of digital transformation efforts, cyber security risk and technological advancements. This year’s results identify several areas of progress; however, there is still work to be done in order for IT audit functions to deliver the strategic insights and real-time risk advances key stakeholders expect, and also help their organizations address the transformation of legacy technologies and the rapid rise in the number and severity level of cyber security risks.
2017 IT Audit Benchmarking Survey
The results of the latest IT Audit Benchmarking Study from ISACA and Protiviti illustrate the increasingly integrated role IT audit leaders and professionals are assuming in regard to technology initiatives in their organizations.
An Involved and Agile IT Audit Function Is Key to Cybersecurity
This article lists some questions for you to consider as you seek greater IT audit agility to manage cybersecurity and an action item checklist specifically for internal audit departments seeking to build that relationship and increase the agility of the IT audit function.
IT Governance Capability Maturity Model (CMM)
This document focuses on the capability maturity model for the IT governance process. This capability maturity model (CMM) describes a maturity curve on these capability levels: initial/ad hoc, repeatable, defined, managed, and optimized, along with these parameters: strategic alignment, value delivery, risk management, resource management, and performance management.
IT Audit Webinar: Your Questions Answered
This article answers some of the audience questions received during Protiviti’s webinar reviewing the results from the 6th Annual IT Audit Benchmarking Study performed with ISACA.
The Internet of Things: A Game Changer for IT Audit
Protiviti Managing Director Anthony Chalker recaps his recent panel discussion at ISACA’s 2017 North America CACS Conference in Las Vegas. The discussion was about how the Internet of Things (IoT) continues to transform the mission of IT auditors. IT auditors now routinely must take steps to provide assurance over systems that are no longer under their direct control.
Introduction to Information Technology (IT) Audit (KLplus CPE Course)
Information Technology (IT) in today's business environment has a direct impact on a company's risk, and this relationship to risk should be an important driver in the internal audit process. IT performs or provides the information needed for many key controls in the business process, but it also brings inherent vulnerabilities.
Five Ways Technology, Media and Communications Companies Are Using RPA and AI to Save Money and Improve the Customer Experience
This article explores five emerging AI and RPA applications Protiviti is watching within the technology, media and communications (TMC) industry group.