During an IT audit, if the auditee disagrees with the impact of a finding, it is important for the IT auditor to elaborate and clarify the risks and exposures, as the auditee may not fully appreciate the magnitude of the exposure. The goal should be to enlighten the auditee or uncover new information of which the IT auditor may not have been aware. Anything that appears to threaten the auditee will lessen effective communications and set up an adversarial relationship. By the same token, the IT auditor should not automatically agree just because the auditee expresses an alternate point of view at the end of an IT audit
In an IT audit, Attribute sampling is the primary sampling method used for compliance testing. Attribute sampling is a sampling model that is used to estimate the rate of occurrence of a specific quality (attribute) in a population and is used in compliance testing to confirm whether the quality exists. The other choices are used in substantive testing, which involves testing of details or quantity.
Related Tags: IT Compliance, CISA, CISM, IT Governance, IT audit
Custom Search
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment