Table of Contents
Information Technology Assessment
The following are CobiT-related
matrices used to assist field staff in
planning their audit engagements.
Sheet
1 Table of Contents
2 Entity Short Form
3 Entity Long Form
4 Contract Service
5 Responsible Party
6 Prior Audit Work
7 Risk Assessment
Information Technology Assessment
Entity Short Form
Entity:________________________
Audit Number: _________________
Column groups and response options:
Importance: Very Important, Somewhat Important, Not Important, Not Sure
Performance: Excellent, Very good, Satisfactory, Poor, Not sure
IT Process
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define organization and relationships
PO5 Manage the investment
PO6 Communicate management aims & direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risk
PO10 Manage projects
PO11 Manage quality
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain technology architecture
AI4 Develop & maintain procedures
AI5 Install & accredit system
AI6 Manage changes
DS1 Define service levels
DS2 Manage third party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Assist & advise customers
DS9 Manage the configuration
DS10 Manage problems & incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
M1 Monitor the process
M2 Assessing internal control adequacy
M3 Obtain independent assurance
M4 Providing for independent audit
Completed by ____________________
Date ______________
Information Technology Assessment
Entity Long Form
Entity:________________________
Audit Number: _________________
Column groups and response options:
Importance: Very Important, Somewhat Important, Not Important, Not Sure
Performance: Excellent, Very good, Satisfactory, Poor, Not sure
Internal Controls: Documented, Not Documented, Not Sure
WP Ref.
IT Process
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define organization and relationships
PO5 Manage the investment
PO6 Communicate management aims & direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risk
PO10 Manage projects
PO11 Manage quality
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain technology architecture
AI4 Develop & maintain procedures
AI5 Install & accredit system
AI6 Manage changes
DS1 Define service levels
DS2 Manage third party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Assist & advise customers
DS9 Manage the configuration
DS10 Manage problems & incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
M1 Monitor the process
M2 Assessing internal control adequacy
M3 Obtain independent assurance
M4 Providing for independent audit
Completed by __________
Date __________
Information Technology Assessment
Contract Service
Entity:________________________
Audit Number: _________________
Column groups: Performed by; Internal Controls; Formal Contract in place?; WP Ref.
Response options: IT Department, Within Organisation, Outsourced, Documented, Not Documented, Yes, No, Not Applicable, Not Sure
IT Process
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define organization and relationships
PO5 Manage the investment
PO6 Communicate management aims & direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risk
PO10 Manage projects
PO11 Manage quality
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain technology architecture
AI4 Develop & maintain procedures
AI5 Install & accredit system
AI6 Manage changes
DS1 Define service levels
DS2 Manage third party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Assist & advise customers
DS9 Manage the configuration
DS10 Manage problems & incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
M1 Monitor the process
M2 Assessing internal control adequacy
M3 Obtain independent assurance
M4 Providing for independent audit
Completed by:
Name:
Title:
Information Technology Assessment
Responsible Party
Entity:________________________ Audit Number: _________________
Columns: Performed by (1); IT Process; Primary Responsible Party
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define organization and relationships
PO5 Manage the investment
PO6 Communicate management aims & direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risk
PO10 Manage projects
PO11 Manage quality
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain technology architecture
AI4 Develop & maintain procedures
AI5 Install & accredit system
AI6 Manage changes
DS1 Define service levels
DS2 Manage third party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Assist & advise customers
DS9 Manage the configuration
DS10 Manage problems & incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
M1 Monitor the process
M2 Assessing internal control adequacy
M3 Obtain independent assurance
M4 Providing for independent audit
(1) Identify organizational units which perform
activities incorporated within the IT process
Audit Planning Sheet
Prior Audit Work
In Prior Audit Prior
Scope Audit Opinion Findings Audit
Number of findings
Not Determined
Unqualified
Unresolved
Resolved
Disclaimer
Qualified
Adverse
Yes
N/A
No
IT Process
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define organization and relationships
PO5 Manage the investment
PO6 Communicate management aims & direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risk
PO10 Manage projects
PO11 Manage quality
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain technology architecture
AI4 Develop & maintain procedures
AI5 Install & accredit system
AI6 Manage changes
DS1 Define service levels
DS2 Manage third party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Assist & advise customers
DS9 Manage the configuration
DS10 Manage problems & incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
M1 Monitor the process
M2 Assessing internal control adequacy
M3 Obtain independent assurance
M4 Providing for independent audit
Insert the number of findings if there is more
than one per process category and then reflect
the appropriate number under each column.
Completed by __________
Date __________
Audit Planning Sheet
Risk Assessment
Entity:________________________
Audit Number: _________________
Column groups and response options:
Importance: Very Important, Somewhat Important, Not Important, Not Sure
Risk: High, Medium, Low, Immaterial, Not Sure
Internal Controls: Documented, Not Documented, Not sure
WP Ref.
IT Process
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define organization and relationships
PO5 Manage the investment
PO6 Communicate management aims & direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risk
PO10 Manage projects
PO11 Manage quality
AI1 Identify automated solutions
AI2 Acquire & maintain application software
AI3 Acquire & maintain technology architecture
AI4 Develop & maintain procedures
AI5 Install & accredit system
AI6 Manage changes
DS1 Define service levels
DS2 Manage third party services
DS3 Manage performance & capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify & allocate costs
DS7 Educate & train users
DS8 Assist & advise customers
DS9 Manage the configuration
DS10 Manage problems & incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
M1 Monitor the process
M2 Assessing internal control adequacy
M3 Obtain independent assurance
M4 Providing for independent audit