Given that government and public sector operations are increasingly computerized, the auditing of information technology has become one of the central themes of audits conducted by Supreme Audit Institutions worldwide. The systems used have to ensure the protection of the organization’s data and assets as well as contributing to the mission, the area of finances and to other specific goals. While the increasing use of IT has led to improved organizational efficiency and the effectiveness of service delivery, it has also brought with it risks and vulnerabilities. The role of IT audits to ensure adequate procedures for managing IT risks and vulnerabilities is fundamental.
The INTOSAI Working Group on IT Audit (WGITA) and the INTOSAI Development Initiative (IDI) have developed an IT Audit Handbook providing auditors from SAIs with universally recognized good practices and standards for IT audits. The manual provides IT auditors with detailed explanations on the most important areas.
The WGITA –IDI handbook meets the general auditing principles as set out in the ISSAI and also based on internationally recognized IT frameworks such as ISACA’s COBIT, the standards of the International Organization for Standardization (ISO), and IT guidelines and manuals from certain SAIs, in order to provide auditors with a complete set of suggestions on IT audits.
The main objective of the handbook is to provide essential information and key questions for effectively planning IT audits. It is expected to be useful for SAIs as a broad reference and as a practical guide for conducting IT audits.
The original project was run jointly by the presidency of WGITA – specifically India’s SAI – and IDI. Both ininstitutions approved the translation which is now available to Spanish-speaking OLACEFS members. WGITA member SAIs – Brazil, USA, India, Indonesia and Poland – worked together to develop these guidelines.
The translation is a contribution from the OLACEFS Commission for Information Technology and Communications (CTIC).
The current members of the CTICare: the General Audit Office of Argentina (Presidency), Office of the Comptroller General of Bolivia, Office of the Comptroller General of the Republic of Chile, Office of the Comptroller General of the Republic of Colombia, Office of the Comptroller General of the Republic of Cuba, Office of the Comptroller General of the Republic of Ecuador, Court of Audit of the Republic of El Salvador, Superior Audit Office of the Federation of Mexico, Office of the Comptroller General of the Republic of Peru, Court of Auditors of the Oriental Republic of Uruguay and the Honorable Court of Accounts of the Province of Buenos Aires
The handbook can be downloaded here: