Option #1: Performing an IT Audit (paper) For this assignment, assume you have been hired by a medium-sized software development firm to audit the company’s IT infrastructure and operational procedure

Option #1: Performing an IT Audit (paper) For this assignment, assume you have been hired by a medium-sized software development firm to audit the company’s IT infrastructure and operational procedure
7 Proposed Audit Schedule and Team Composition Sarah Ray CSU Global Introduction to IT Auditing Professor Nathan Braun 08/26/22 Introduction The quality of an IT audit may suffer for a variety of reasons. Poor management practices, the management structure, and the business’s operating procedures can all contribute to some of the issues. According to Dzuranin & Mălăescu (2016), problems that the IT audit profession is experiencing are a result of the growing amount of data available, as well as changes in technology and rising legal requirements. Creating an audit team is the first stage in an audit exercise since doing so includes members of the audit team and is thought to inspire improved performance. Therefore, an auditing business’s leadership requires using its primary resources by creating teams based on their areas of competence, expertise, and understanding for a quality audit activity. An audit schedule must be provided to identify warning signs and create strategies for mitigating such risks. Completing an audit analysis will allow a company to implement new technologies without worrying about the dangers involved while simultaneously enhancing its capacity to meet customer requests. According to Karlsen and Wallberg (2017), a company may keep up with the changing IT needs by conducting frequent IT audits. In light of the preceding, this paper aims to create a document outlining the suggested audit schedule, team makeup, and equipment requirements for a medium-sized software development company. Team Composition As the team lead in this IT audit, I am responsible for selecting my team members; as such, I will adopt principles in selecting the team members. These principles of selection include industry specialization, training, and continuity. I will select team members with the relevant industry specialization to ensure team composition consists of individuals with similar interests and competencies, ensuring they are effective and committed (Udeh, 2015). The second principle is to ensure that team members have relevant training and specific knowledge in IT auditing. Audit teams require collaboration, management, and communication skills, which training influences and ultimately improves team effectiveness. The next principle for team selection is continuity; I will seek to retain team members who have proved effective in previous IT audits. Team continuity is crucial because it reduces knowledge asymmetry, boosts team effectiveness, and improves audit effectiveness (Udeh, 2015). According to Rivera et al. (2017), the size and composition of an auditing team require analysis of the aspects established by ISO 19011:2011. Therefore, the aspects I will consider using the ISO standard are organization size, objective of audit, legal and contractual requirements, audit duration, the team’s independence, and team members’ capacity. The audit team will be the main tool for bringing together people with different expertise needed to complete a given assignment. The efficacy of an audit exercise essentially results from a wise choice or selection of an audit team, mainly because such people combine their knowledge and skills for a standard course of action while also designating various teams to various tasks of the task force. To put it another way, none of the team members works alone; therefore, no one works in a way that overlaps with the other team members. As a result, one of the crucial components of a successful audit team that I will ensure as the team leader when planning the audit exercise is developing a team where members cooperate in a value-driven way. Furthermore, I will ensure that the audit team I have chosen is very informed, experienced, and skilled in IT audits. Audit Schedule Firms must frequently undertake efficient and methodical audits to comply with the law. However, the basis for auditing activities should reflect the risks that are facing the organization (Niemi et al., 2018). As the team leader for the audit exercise, I will be responsible for promoting some values in the audit exercise. Some of these values relate to the firm’s poor product quality, risks to the employees’ and consumers’ safety, and potential financial risks to the company. Identifying every activity that has to be audited is the first stage in the schedule. These activities involve any action that might affect the quality of the company’s product offering. Next, the audit program’s scope will consider all pertinent standards, laws, client expectations, and stakeholders’ expectations. After the range of operations to be audited has been defined, It will be necessary to quantify the possible risk to the organization, which calls for a risk assessment to be carried out. Then an audit frequency will be established for each activity identified. The resource needs and organizational effects must be considered while determining the audit frequency. Resources will be needed for the audits’ execution and for their facilitation and resolution of any problems that may surface. A calendar of activities versus suggested audit deadlines can be made after the aforementioned is determined. The timetable I will create will produce balanced intervals between audit activities so that there are not too many audits at once. Additionally, I will have to schedule the audit exercise for the company while taking into account the firm’s past audit experiences and evaluating the maturity of its quality management system. I can arrange my audit for the firm once I have verified all this and other things. The internal assessment of the business and the audit exercise are intended to help the firm’s CIO understand when the essential business operations occur and who participates. Checklist Before completing the audit exercise, there are a few other important things and onsite actions that I will need to have checked in addition to the audit schedule and team makeup. In essence, these things and actions will give me a better understanding of what has been occurring in the company. Requesting access to various records and papers is a highly useful tool in this process. Access to these data and papers will allow me to monitor the business’s operating operations and IT infrastructure. Additionally, before the actual audit exercise, I will need, among other things, an organizational structure, a security categorization method, and a duplicate of the policy governing records management. I will also ask for a copy of the relevant regulations to improve safety when working onsite. Finally, I will describe the workspace requirements for my audit team, including how will ask the company to provide the team with technology services to facilitate the audit exercise. Conclusion The CIO of a medium-sized IT software development company was the target audience for this paper’s proposal of an audit timetable and team makeup. Therefore, establishing a successful audit team has been emphasized throughout this audit proposal. Competent audit team selection produces high-quality audit findings since each team member contributes knowledge, experience, expertise, and abilities to the group’s and the organization’s overall success. In other words, one team supports the other in ways that enable a successful audit. Additionally, based on the discussions surrounding this audit proposal, the audit team must be given access to multiple documents and records to gain a general understanding of the management’s processes, procedures, and organizational structure before beginning the actual audit. Finally, auditors should also be provided with technology tools or services to guarantee a seamless audit procedure while operating onsite. References Dzuranin, A. C., & Mălăescu, I. (2016). The Current State and Future Direction of IT Audit: Challenges and Opportunities. Journal of Information Systems, 30(1), 7–20. https://doi.org/10.2308/isys-51315. Niemi, L., Knechel, W. R., Ojala, H., & Collis, J. (2018). Responsiveness of auditors to the audit risk standards: Unique evidence from Big 4 audit firms. Accounting in Europe, 15(1), 33- 54. Rivera, D. E., Villar, A. S., & Marrero, J. I. S. (2017). Auditors selection and audit team formation in integrated audits. Calitatea, 18(157), 65. Udeh, I. A. (2015). Audit team formation. Journal of Legal Issues and Cases in Business, 3, 1.