Efficiency of the application in meeting the business processes.
Impact of any exposures discovered.
Business processes served by the application.
Traffic analysis reports.
Tracing purchase orders to a computer listing
Comparing receiving reports to purchase order details
Testing whether inappropriate personnel can change application parameters.
Reviewing the application documentation
Be dynamic and often change to coincide with the changing nature of technology and the audit profession.
Clearly state audit objectives for, and the delegation of, the authority to the maintenance and review of internal controls.
Document the audit procedures designed to achieve the planned audit objectives.
Outline the overall authority, scope, and responsibilities of the audit function.
Scheduling may be performed months in advance.
Resources are allocated to the areas of highest concern.
Staff will be exposed to a variety of technologies
Budgets are more likely to be met by the IS audit staff.
Ensuring approval for parameter changes
Reviewing password history reports
Checking a list of exception reports
Using a statistical sample to inventory the tape library.
Appropriate levels of protection are applied to information assets.
A basic level of protection is applied regardless of asset value.
Information assets are overprotected.
An equal proportion of resources are devoted to protecting all information assets.
Does not require an IS auditor to collect evidence on system reliability while processing is taking place.
Requires the IS auditor to review and follow up immediately on all information collected.
Can improve system security when used in time-sharing environments that process a large number of transactions.
Does not depend on the complexity of an organization's computer systems
Controls needed to mitigate risks are in place.
Vulnerabilities and threats are identified.
Audit risks are considered.
A gap analysis is appropriate
Improve response time for users.
Establish accountability and responsibility for processed transactions.
Improve the operational efficiency of the system.
Provider useful information to auditors who may wish to track transactions