Model Based Development of Audit Terms of Reference

A Structured Approach to IT Auditing

The basic instrument used in the audit process is an Audit Terms of Reference (AToR). In current practice, we face problems in developing AToRs, namely that each IT auditor has his or her own way of developing them. The AToR so developed consists of a mix of detailed and general rules concerning the control measures to be assessed. The selection of these controls is not supported by any method. The topics to which the detailed and general rules are related do not always show clear relationships. Furthermore, each criterion within the AToR is formulated differently. This way of working has been classified as a “rule based” approach.
The absence of a method or a systematic IT audit approach may have consequences for the results of an audit. A lack of coherence and profundity of criteria within the AToR, or an incorrect scope and delineation of the IT object to be audited, may lead to deficiencies in an AToR and may cause IT audit risks. An unstructured AToR may lead to an inappropriate audit opinion.
This study provides a solution to this problem: a “principle based” approach. This approach is based on a conceptual framework, which consists of three components: Structure, Content and Form. The component “Structure” refers to a multi-layer structure and is based on a general system pattern. The component “Content” refers to a pattern of concepts and is based on a multi-view approach (i.e. a Means-End view). Audit principles can be formulated based on these concepts. The component “Form” refers to a semi-formal grammar for defining principles consistently. The framework has been developed based on pre-defined criteria that have been grouped and related to the components Structure, Content and Form. These criteria help in grounding these components and hence this approach.
The framework makes it possible to assign a specific type of audit principle to a specific layer of the structure and provides guidance in selecting and formulating audit principles. Therefore, we would advise you to study this approach and use it in practice.
Wiekram B. Tewarie studied Information science at the University of Amsterdam (UvA) and attended the post-graduate IT Audit course at the University of Tilburg (UvT/TiasNimbas). He carried out his PhD research at the Vrije University in Amsterdam, while continuing to work full-time. Currently he is a senior IT auditor in the Accountancy department of UWV (National Social Security Agency).