KnowledgeLeader provides best practice articles, tools, guides and other resources on internal audit. This page contains some examples of the many resources and templates on information technology (IT) audit that are available for download. For more tools and publications on this subject, visit our IT Audit topic area.
Information Technology (IT) Infrastructure Questionnaire
This tool helps auditors gather information to better understand the IT infrastructure of a company.
Technology Change Management (TCM) Audit Principles Guide
This document outlines guiding principles that should be applied to technology change management (TCM) audits. It also includes answers to ‘whys’ and ‘how’s’ under each principle.
IT Change Management Policy – Sample 3
This sample policy helps to define the current change management processes in an organization. The scope of this document is limited to development and changes to applications; database structures; and IT infrastructure (including hardware, system software and configurations).
IT Risk Assessment Audit Report
This report outlines findings from a high-level IT risk assessment at a company.
IT Due Diligence Questionnaire
This sample questionnaire evaluates IT management, personnel, contractors, networks, operating systems, applications, change management, data, disaster recovery, operations, third-party services, laptops/workstations, security, and spreadsheets.
IT General Controls: Program Development Audit Work Program
This work program focuses on auditing the program development process.
IT Risks and Controls Review Report
The objective of this audit report is to reduce the volume of controls across applications, infrastructure and IT processes in order to improve consistency and focus on key risks.
IT Organization Audit Work Program
This document outlines steps to perform an IT organization audit.
Internal Audit Risk Assessment Questionnaire
Internal audit performs a risk assessment to identify and prioritize key risks to best allocate the internal audit resources for the next year. This risk-based approach is focused on surveys/interviews of a cross-section of management personnel to solicit input from the potential customers of an internal audit function.
Internal Audit Planning Memorandum
This memo captures all details for planning an internal audit, such as the internal audit team members’ names and roles, duration of the internal audit, location of the internal audit, company business hours, key contacts, internal audit scope and approach, deliverables, high-level work program, and high-level work schedule.
2018 IT Audit Benchmarking Survey
The results of the latest global IT Audit Benchmarking Study from ISACA and Protiviti paint a vivid picture of the ways IT audit leaders and professionals are succeeding, as well as where they need to “step up their games,” especially given the omnipresent nature of digital transformation efforts, cyber security risk and technological advancements. This year’s results identify several areas of progress; however, there is still work to be done in order for IT audit functions to deliver the strategic insights and real-time risk advances key stakeholders expect, and also help their organizations address the transformation of legacy technologies and the rapid rise in the number and severity level of cyber security risks.
2017 IT Audit Benchmarking Survey
The results of the latest IT Audit Benchmarking Study from ISACA and Protiviti illustrate the increasingly integrated role IT audit leaders and professionals are assuming in regard to technology initiatives in their organizations.
An Involved and Agile IT Audit Function Is Key to Cybersecurity
This article lists some questions for you to consider as you seek greater IT audit agility to manage cybersecurity and an action item checklist specifically for internal audit departments seeking to build that relationship and increase the agility of the IT audit function.
IT Governance Capability Maturity Model
This document focuses on the capability maturity model for the IT governance process. This capability maturity model (CMM) describes a maturity curve on these capability levels: initial/ad hoc, repeatable, defined, managed, and optimized, along with these parameters: strategic alignment, value delivery, risk management, resource management, and performance management.
IT Audit Webinar: Your Questions Answered
This article answers some of the audience questions received during Protiviti’s webinar reviewing the results from the 6th Annual IT Audit Benchmarking Study performed with ISACA.
The Internet of Things: A Game Changer for IT Audit
Protiviti Managing Director Anthony Chalker recaps his recent panel discussion at ISACA’s 2017 North America CACS Conference in Las Vegas. The discussion was about how the Internet of Things (IoT) continues to transform the mission of IT auditors. IT auditors now routinely must take steps to provide assurance over systems that are no longer under their direct control.
IT Audit Benchmarking Webinar: David Brand and Robert Kress Answer Your Questions
It has been a few months since the release of Protiviti’s 5th Annual IT Audit Benchmarking Survey (conducted jointly with ISACA)—documenting the top tech challenges of executives and IT professionals around the world. Protiviti’s David Brand and Accenture’s Bob Kress presented on the webinar and took the time to provide answers to many of the questions received from the audience in this article.
Introduction to Information Technology (IT) Audit (KLplus CPE Course)
Information Technology (IT) in today's business environment has a direct impact on a company's risk, and this relationship to risk should be an important driver in the internal audit process. IT performs or provides the information needed for many key controls in the business process, but it also brings inherent vulnerabilities.
Five Ways Technology, Media and Communications Companies Are Using RPA and AI to Save Money and Improve the Customer Experience
This article explores five emerging AI and RPA applications Protiviti is watching within the technology, media and communications (TMC) industry group.