According to HA guidance on IT, which of the following actions would be performed as part of the "Define IT Universe" stage of the IT audit plan development process?
A.
Identify significant applications that support the business operations
B.
Assess risk and rank subjects using business risk factors
C.
Identify how the organization structures its business operations
D.
Select audit subjects and bundle into distinct audit engagements
In the "Define IT Universe" stage of the IT audit plan development process, the primary action is to identify significant applications that support the business operations. This step involves mapping out the IT environment, including key systems, applications, and infrastructure components that are critical to achieving business objectives. By identifying these significant applications, auditors can focus on areas that have the greatest impact on the organization's performance and risk profile. This stage sets the groundwork for subsequent steps such as risk assessment, ranking subjects, and selecting audit engagements.
[References:, IIA Global Technology Audit Guide (GTAG): "Developing the IT Audit Plan", ISACA’s COBIT Framework for IT Governance and Management, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit