Welcome » IT Booklets » Audit » IT Audit Roles and Responsibilities » Internal IT Audit Staff
The primary role of the internal IT audit staff is to assess
independently and objectively the controls, reliability, and
integrity of the institution's IT environment. These assessments
can help maintain or improve the efficiency and effectiveness of
the institution's IT risk management, internal controls, and
Internal auditors should evaluate IT plans, strategies,
policies, and procedures to ensure adequate management oversight.
Additionally, they should assess the day-to-day IT controls to
ensure that transactions are recorded and processed in compliance
with acceptable accounting methods and standards and are in
compliance with policies set forth by the board of directors and
senior management. Auditors also perform operational audits,
including system development audits, to ensure that internal
controls are in place, that policies and procedures are effective,
and that employees operate in compliance with approved policies.
Auditors should identify weaknesses, review management's plans for
addressing those weaknesses, monitor their resolution, and report
to the board as necessary on material weaknesses.
Auditors should make recommendations to management about
procedures that affect IT controls. In this regard, the board and
management should involve the audit department in the development
process for major new IT applications. The board and management
should develop criteria for determining those projects that need
audit involvement. Audit's role generally entails reviewing the
control aspects of new applications, products, conversions, or
services throughout their development and implementation. Early IT
audit involvement can help ensure that proper controls are in place
from inception. However, the auditors should be careful not to
compromise, or even appear to compromise, their independence when
involved in these projects.