ITSC Documentation

This audit procedure requires the IS auditor to review the minutes/reports and associated supporting documents of the ITSC. By reviewing the documentation, the IS auditor can determine if the ITSC has carried out its role and responsibilities not only in accordance with the charter, but also in accordance with any processes that have been established.

Sample selections of the documentation, e.g., minutes/reports, business case(s) are to be reviewed. However, the sample size will be dependent upon

■ The elapsed time since the establishment of the ITSC and the audit being undertaken

■ The frequency of ITSC meetings

■ The format, quality, and quantity of the documentation

■ Availability of the documents

The contents of the documents are to be reviewed. The details are required to be checked against supporting documentation, e.g., ITSP, corporate plan, business unit action plans, project plans, budgets, etc. For example, any variances or exceptions to the ITSP are to be referred to the ITSC chairperson for clarification.

It is important that all variances or exceptions are investigated as it may be an indicator that the ITSC has either not understood its role and responsibilities or that the supporting processes have internal-control weaknesses.

Project Management Made Easy

Project Management Made Easy

What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.

Get My Free Ebook

Post a comment