The manual presents audit programmes for two

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: eengineering and project management. The manual presents Audit Programmes for two different kinds of audit viz. (i) Audit/Review of the Planning and Acquisition and (ii) Audit/Review of Established ERP System. These programmes are based on the CoBIT framework. The IT auditors could also draw up additional auditee-specific control objectives and application-specific audit procedures for conducting IT Audit of ERP solutions. Audit Programme 1: Enterprise Risk Planning (ERP) – Planning & Acquisition There might be some overlap between the checklist and the Guidelines for Systems Under Development. In case an organization is clearly taking an SDLC approach towards adopting ERP application then the following programmes can be supplemented by the guidelines. No. Item Yes Response No KD PLANNING AND ORGANISATION Strategic IT Plan 1 Whether IT or business enterprise policies and procedures address a structured planning approach? KD Reference: _______________________________ _ 2 Whether a methodology is in place to formulate and modify the plans and at a minimum, they cover: • organisation mission and goals • IT initiatives to support the organisation mission and goals • opportunities for IT initiatives IT Audit Manual Volume III 7 IT Audit Manual No. • feasibility studies of IT initiatives • risk assessments of IT initiatives Item Yes Response No KD • optimal investment of current and future IT investments • re-engineering of IT initiatives to reflect changes in the enterprise's mission and goals evaluation of the alternative strategies for data applications, technology and organization KD Reference: _______________________________ _ 3 4 5 6 7 8 9 10 Whether organisational changes, technology evolution, regulatory requirements, business process reengineering, staffing, in- and out-sourcing, etc. are taken into account and adequately addressed in the planning process? KD Reference: _______________________________ ___________________________________________ Whether long- and short-range IT plans exist, are current, adequately address the overall enterprise...
View Full Document

Ask a homework question - tutors are online