Internal auditors are under increasing pressure to add value to what is valued while, at the same time, helping to protect their enterprises from risk such as cyberattacks. In addition, an internal audit will likely tie up key IT resources that should also be creating value for the enterprise. It is, therefore, becoming ever more vital to plan what will be audited, when it will be audited and by whom. Indeed, a plan should be a detailed formulation of a program of action.
Former US President Abraham Lincoln once famously said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” He was, of course, discussing the need to spend time planning. In internal audit, an important part of this planning should go into developing the IT audit plan.
In December 2018, ISACA published the COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. It includes some new concepts to help enterprises design a tailored governance system. In my recent Journal column “Developing the IT Audit Plan Using COBIT 2019,” I propose repurposing these new concepts and marrying them to a more familiar concept—portfolio management—to develop an IT audit plan that should be closely aligned with the business strategy and direction.
Read Ian Cooke’s recent Journal article:
“Developing the IT Audit Plan Using COBIT 2019,” ISACA Journal, volume 3, 2019.