IT Process Description

By Monica Reynolds,2014-11-13 15:04

    Internal Audit Department

    PROCESS DESCRIPTION

Identification No.:

    Version No.: v 1.0

    Effective Date: 30.10.2003

    No. of pages:

    Appendices:

    IT Internal Audit process

    Arranged by: Sinisa Jankovic (sinisaj@eunet.yu) Date: 20.10.2003

    Edited and Verified by: Date: 30.10.2003

    Verified by :

    ……………………..

    Date:

    Verified by

     ……………………..

    Date:

     Verified by

     Date : 31.10.2003

     Approved and instructed by: Process Owner Date : 31.10.2003

    Approved and instructed by: Date:

     This document is the intellectual property of _________________

    It shall neither be copied, nor disclosed without the express consent of the person approving it.

HISTORY :

    Version Date Brief description of the modification

    1.0 30.10.2003 First Version

Important!

    Any printout or copy of this document may be made for internal use and for information purposes only by persons with proper authorization or those included in the list of Authorized Recipients. Valid versions of ____________ documents are in electronic format in _________________.

    This document shall be updated so as to be consistent with any changes concerning technical, organizational, quality, etc. aspects. Unless there are changes in the rules and regulations, it shall be reviewed by its author every year from the date when first introduced.

1. OBJECTIVE

    To define the multilevel integration of management information system, information security management system and IT internal audit activities, in order to identify and improve the appropriate sections within the audited IT department.

2. SCOPE

    The scope of the IT IA process description covers the IT Internal Auditor's responsibilities and authorities, as a set of IT IA actions, and the audited IT department with respect to its policies, process maps, process descriptions/procedures, instructions, records, powers and responsibilities, and activities connected with other documents (internal and/or external).

3. POWERS AND RESPONSIBILITIES

    The powers and responsibilities for IT Internal Auditor are described in the Responsibilities and Authorities IT IA document.

4. REFERENCES

    IT Security Survival Guide, TechRepublic.

    ISO 17799 - Code Of Practice for IT management.

    ISO 19011 - Guidelines for quality and/or environmental management system auditing.

    CRIMINAL LAW (CHART 16A, 39/2003-6)

PD-01 __________________ Version 1 All rights reserved! Page 2 / 9

5. DEFINITION OF TERMS/ABBREVIATIONS

    MIS - management information system

    ISMS - information security management system

    QMS - quality management system

    ISO - international standard organization

    IT IA - information technology internal audit

    (IT IA Training Glossary, reference material)

6. FLOWCHART OF THE IT IA PROCESS

    START

    1. Creating Annual IT IA Plan Draft
       Input: Management's request for IT IA plan
       Output: IT IA Plan Draft

    2. Reviewing IT IA Plan - Head of IA (Supervisory Board)
       Input: IT IA Plan Draft
       Output: Reviewed IT IA Plan

    3. Is IT IA Plan ready for approving?
       No: back to block 2
       Yes: go to block 4

    4. Approving of IT IA Plan - Head of IA (Supervisory Board)
       Input: Reviewed IT IA Plan
       Output: Approved IT IA Plan

    5. IT IA Announcement
       Input: Approved IT IA Plan
       Output: IT IA Announcement; IT IA Documentation request

    6. Collecting documents
       Input: IT Documentation
       Output: IT IA Checklist; Detail Plan for IT IA

    7. Realisation of IT Audit
       Input: Detail Plan for IT IA; Check List
       Output: NCR's; IT IA Summary Report Draft

    8. Creating final IT IA report
       Input: NCR's; Summary Report Draft
       Output: IT IA Summary Report

    9. Reviewing IT IA Report - Head of IT, Head of IA
       Input: Summary Report
       Output: Reviewed Summary Report

    10. Are there any discrepancies in the IT IA Report?
        Yes: go to block 8
        No: go to block 11

    11. Archiving the IT IA Report - Head of IT, Head of IA
        Input: Approved Summary Report
        Output: Archive of IT IA Summary Report

    12. Are there any non conformities with HIGH priority?
        No: THE END
        Yes: go to block 13

    13. Receiving Confirmation - IT responsible staff
        Input: NCR's confirmation
        Output: Follow up Plan

    14. Follow Up Audit
        Input: NCR's confirmation
        Output: IT IA Draft Report

    15. Is non conformity corrected?
        No: go to block 16
        Yes: go to block 17

    16. New NCR's
        Output: New NCR's

    17. Follow up IT IA Report
        Input: Draft Follow up Report
        Output: IT IA Final Follow up Report

    THE END

7. PROCESS DESCRIPTION ACTIVITIES

    Columns: Block [No. & name] / Job performing [job position] / Activity (Step)

    Block 1: Creating Annual IT IA Plan Draft
    Activity: According to management requirements, the IT Internal Auditor creates the draft version of the plan for the realization of the IT IA. The IT Internal Auditor should be in contact (mail, telephone) with the Internal Audit and IT departments in order to create an appropriate plan.
    Output: Draft IT IA Plan

    Block 2: Reviewing IT IA Plan
    Activity: The Head of IA and the Supervisory Board review and revise the created IT IA Plan.
    Output: Reviewed IT IA Plan

    Block 3: Is IT IA Plan ready for approving?
    Activity: The Supervisory Board decides on the credibility of the IT IA Plan. If the decision is negative, the IT IA Plan should be improved by the IT Internal Auditor (back to block 2).

    Block 4: Approving of IT IA Plan
    Activity: The Supervisory Board approves the IT IA Plan.
    Output: Approved IT IA Plan

    Block 5: IT IA Announcement
    Activity: The IT Internal Auditor informs (by mail or fax) the previously mentioned entities about the structure, time scheduling and IT IA process, according to the already approved IT IA Plan. The IT Internal Auditor sends the requests for delivery of existing documentation (policies, organizational chart, authorities and responsibilities, process descriptions/procedures, instructions, manuals, guidelines, and other) for the realization of the IT IA.
    Output: IT IA Announcement document; IT IA Documentation request

    Block 6: Collecting documents
    Activity: The IT Internal Auditor reviews the documents received from the IT departments and prepares the IT IA Checklist and the detailed plan for the realization of the audit.
    Output: IT IA Checklist; Detailed Plan for IT IA

    Block 7: Realisation of IT Audit
    Activity: The IT Internal Auditor realizes the IT IA process in the following steps:
    - Opening meeting (with Head of IT and staff members)
    - Delivering the Statement of Confidentiality
    - Auditing: Management, DBA, System Engineers, Help Desk, Software Development, System Administration (according to the detailed IT Plan)
    - Findings and reaching the audit conclusions
    - Preventing and resolving conflicts
    - In accordance with IT Management, determining the corrective actions and deadlines
    - Closing meeting and presentation of the results (Non conformity reports and draft IT IA report)
    - Updating the existing IT IA Checklist
    Output: Non conformity Reports, Draft IT IA Report, updated IT IA Checklist

    Block 8: Creating final IT IA Report
    Activity: The IT Internal Auditor summarizes the findings and non conformities in a documented form named the IT IA Report. The IT IA Report should be delivered to the Head of IT, the Head of IA and the Supervisory Board.
    Output: IT IA Report

    Block 9: Reviewing IT IA Report
    Activity: The Head of IT and the Head of IA should revise the IT IA Report and present the possible modifications to the IT Internal Auditor, no later than 10 working days.

    Block 10: Are there any discrepancies in the IT IA Report?
    Activity: If the answer is YES, go to block 8.
    Output: Approved IT IA Report

    Block 11: Archiving the IT IA Report
    Activity: Archiving of the IT IA Report should be realized according to Section 9 (Documents and Records) in this document.
    Output: Archived IT IA Report

    Block 12: Are there any Non conformities with HIGH priority?
    Activity: If the answer is YES, a Follow up IT Audit must be performed. If the answer is NO, the IT IA Process is finished.

    Block 13: Receiving Confirmation
    Activity: IT Management (all relevant staff) informs the IT Internal Auditor about confirmation of corrective actions concerning each non conformity. According to the corrective actions, the IT Internal Auditor prepares the detailed Plan for the Follow Up Audit.
    Output: Follow Up Audit Plan

    Block 14: Follow Up Audit
    Activity: The IT Internal Auditor performs the IT IA Follow Up Audit.
    Output: Follow-up IT IA Report

    Block 15: Is non conformity corrected?
    Activity: If the answer is YES, go to block 17.

    Block 16: New Non conformity Report
    Activity: If the corrective action is unsuccessful or incomplete, or the corrective actions resulted in a new non conformity, the IT Internal Auditor creates a New Non conformity Report.
    Output: Non conformity Report

    Block 17: Follow up IT IA Report
    Activity: The IT Internal Auditor creates the Follow up IT IA Report. The report, previous IT IA documents and additional documentation are archived. Go to block 11.

8. MEASUREMENT AND ANALYSIS

8.1. Measurement

    HEAD OF IA DEFINES THE CONTROL POINTS FOR IT IA PROCESS DESCRIPTION! (Control points SHOULD BE defined in the flow diagram, and it is strictly recommended to have them clearly defined.)

    (Control points can be written in a separate column on the right side of the flow diagram, or below it.)

    Point from flowchart (1) | Code (2) | Description of control points (3)

8.2. Analysis

    HEAD OF IA SHOULD ANALYZE THE PROCESS REALIZATION!

9. DOCUMENTS AND RECORDS

    Document Title | Archiving Time (Hard copy) | Archiving Time (Electronic form) | Archiving Place

    ANNUAL PLAN FOR IT IA | 1 year | permanent | Head of IA, IT Internal Auditor

    IT IA CHECKLIST | 1 year | permanent | Head of IA, IT Internal Auditor

    IT IA ANNOUNCEMENT | 1 year | permanent | Head of IA, IT Internal Auditor, Head of IT

    IT IA DOCUMENTATION REQUEST | 1 year | permanent | Head of IA, IT Internal Auditor, Head of IT

    NON CONFORMITY REPORT | 1 year | permanent | Head of IA, IT Internal Auditor, Head of IT

    IT IA REPORT | 1 year | permanent | Head of IA, IT Internal Auditor, Head of IT

    STATEMENT FOR CONFIDENTIALITY | 1 year | permanent | Head of IA, IT Internal Auditor, Head of IT

    IT IA AUTHORITIES AND RESPONSIBILITIES | permanent | permanent | Head of IA, IT Internal Auditor

10. APPENDICES

[Click here and insert the file with the Quality Record (QR)]
