IS Audit Basics: Developing the IT Audit Plan Using COBIT 2019

The IT Assurance Framework (ITAF) requires that the IS audit and assurance function shall use an appropriate risk assessment approach and supporting methodology to develop the overall IS audit plan and determine priorities for the effective allocation of IS audit resources. However, despite this requirement, there is little ISACA documentation on defining an IT audit plan. Perhaps this is because the seminal Developing the IT Audit Plan Global Technology Audit Guide (GTAG 11) is so good. Nonetheless, this document was published in July 2008, so the question should be asked, given current practices, can this be improved upon?

In December 2018, ISACA published what I believe will become an equally influential document, the COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. I am proposing that the steps described therein for designing a tailored governance system can be adopted to developing the IT audit plan.

Learn More