Establishing an IT-audit department
Established an internal audit department for a client, including planning, methodologies, and procedures.
Project: Establishing an IT-Audit Department
Client Background: Our client, a public sector organization, operated with an organizational model that lacked the three lines model of the Institute of Internal Auditors (IIA). As a result, there was a need to establish a third line of defense, specifically an internal audit department.
Project Scope: We were engaged to establish the internal audit department, focusing on the IT-audit aspect, within the organization.
Key Activities:
- Governance Establishment: Developed governance structures and policies to guide the operations of the internal audit department, ensuring alignment with industry standards and best practices.
- Methodology Development: Created a comprehensive IT audit methodology tailored to the organization’s needs, covering risk assessments, audit procedures, and reporting processes.
- Operational Execution: Conducted various types of IT audits based on risk assessments, including operational audits, compliance audits, and IT general controls assessments.
- Product Creation: Developed specialized IT audit products, such as an IT audit universe, customized to the organization’s specific IT environment and requirements.
- Certification and Recognition: Upon completion of the project, the internal audit department achieved certification from the relevant regulatory organization. The department was commended for its IT audit achievements and contributions to enhancing the organization’s internal controls.
Project Duration: The project spanned over 2,5 to 3 years, during which we gradually phased out our involvement and transitioned responsibilities to the internal audit department.
