Here’s some links for Audit and IT Audit for dummies, one from the IIA, the other from ISACA. Neither require being a member or logging in.
While these articles are not extensive, they will point new auditors in the right direction, and provide a refresher for the rest of us.
For all auditors, IIA’s Back to Basics features topics such as:
Plan a Successful Audit
Gather Information from Clients
Conduct Effective Kickoff Meetings
Develop Attribute Sampling Plans
Produce Quality Workpapers
For IT auditors, an advanced Google search of isaca.org for the phrase “IT auditor should know about” provides a series of articles by Tommie W. Singleton such as:
What Every IT Auditor Should Know About Auditing Social Media
What Every IT Auditor Should Know About Access Controls
What Every IT Auditor Should Know About SamplingĀ
Check out theĀ IIA’s Back to Basics link and the IT Audit Google search for all the available topics.
See also IIA IT Audit Programs and IIA IT Audit Basics (requires login).
Here’s a shout out to madzutopia who left me a comment about audit basics, so I hope this helps.
This is what I love about the professional institutes, telling it’s members the obvious.
My dear sarcastic Monkey,
These things are not obvious to all. Where they always obvious to you? Keep in mind that not everyone comes to auditing from an auditing background. I didn’t. I came out of IT and security.
Obvious or not, I’m getting at least 20 hits per day on this topic, so people are interested in it. Have a good day anyway!
But the ‘Back to Basics’ suggests a retrospective review. And yes, for the record, I’m not interested!
Then you better not come back for my next topic. I doubt you’ll be interested in that one either.
OK! But seriously, I’m after technical detail, not how to audit.
Just a heads up, the hyperlink to the IIA’s Back to Basics article “Plan a Successful Audit” leads to their “Gather Information from Clients” article instead.
As an internal auditor with a long time interest in IT and security, I enjoy reading your blog, it’s interesting. Plus the ACL training links you posted were useful, so thanks.
Hey Will,
Thanks for the correction. I check my links before I publish, but I notice some still get by. I rarely get comments about brain leaks like this, and I wish I received more. Thanks for taking the time to comment and for the encouragement. Few readers do it.
The few that do are treasured…
More ACL to come….Skyyler is working on how to create a script to import files into ACL. It’s almost done, so maybe next week. If anyone has specific ACL stuff they’d like Skyyler to dive into, let us know.
I think the hyperlinks must have been merged or something, now they’re both pointing to “Plan a Successful Audit.”
Excellent on the ACL content, that should be interesting. Scripting in ACL is something I haven’t messed with much, but I’d like to get into it.
Will,
Thanks again. They were merged together. I must have had them on the same line and then separated them. Frustrating. But fixed.
As for scripting, much of it is so easy. Some of it is complicated, and ACL doesn’t do a good job of explaining scripting options/commands, in my opinion. But it can be done, and it can be loads of fun and save a ton of time.
If you have the desire and can logically step through commands, you can master scripting, Will. Follow Skyyler’s next post and you’ll find how easy some scripting can be. We’ll be looking for your input after you tried it.
I’ve seen Skyyler’s rough draft of his next post and it’s good. Maybe someday Skyyler will write some post on scripting basics. The basics ARE really easy and simple scripts are not hard to master.
Skyyler has shown me stuff that I haven’t found documented anywhere. We just have to get it out of Skyyler’s skull.
One thing I”d add to Effective Kickoff Meetings….Ask attendees whether any of the key contacts have any upcoming vacations, IT code freezes, special projects, pregnancies, and what-not that may make getting all the data, discussing findings, and completing other audit tasks hard to accomplish with the proposed schedule. That will often save you a lot of grief down the road and hassle getting the audit rescheduled.