Professional Documents
Culture Documents
A U D IT P R O G R A M S A N D
ES TA B LIS H IN G
TH E A U D IT U N IV ER S E
internalaudit areas
reviews of financial process internal
controls,
operational areas in the enterprise,
safety and security issues,
controls related to information
technology (IT) systems,
etc
audit universe
list of all of the potential areas to
audit
CBOK : Internal auditors at all levels
should understand the importance of
having an enterprise-specific internal
audit universe as a basis to guide
their internal audit activities. That
audit universe will help internal audit
to better present planned activities
to the audit committee
D efi
ning the Scope and O bjectives of
the InternalAudit Universe
To define its audit universe, internal
Focalpoints
For an information security universe
1. IT access controls
2. System security configuration
3. Monitoring and incident response
4. Security management and administration
For an IT infrastructure universe element
1. Structure and strategy
2. Methodologies and procedures
3. Measurement and reporting
4. Tools and technology
II
Exam ple
Computer program to calculate pay will include