ABSTRACT
Management typically deploys organization, policies, procedures, personnel, accounting, budgeting, reporting, and internal control reviews to control an entity. A control intent is to ensure the achievement of organizational objectives. Conveying the control criticality message across industries is the increasing public and private demands to institutionalize ISG with exceptional program oversight. The typical audit for assuring entity controls applies a risk-based approach. All IT audit team members involved in an ISG assurance engagement can leverage the risk-based approach to justify auditable unit activity selection. The IT audit system’s general structure is planning the approach, studying and evaluating controls, testing and evaluating controls, reporting engagement results, and following-up on findings. Assessing ISG is a critical audit service element contributing to an entity’s strategic alignment, value delivery, risk management, resource management, and performance measurement. Chapter 7 presents how to apply important IT audit methods from a system perspective when examining ISG managerial processes.
