Starting a new IT internal audit department 206

  • Hello,
    I have the opportunity to help build a fairly new internal audit department. The department has been around for almost a year and only has one person running the entire function. They are focused more on the financial side of things where I would be brought in to focus on the IT side of things. I have a strong IT background and have done SOA work before, but never started anything from scratch.
    I know this is a very vague question, but I’m hoping it will give me a better idea of the direction I would need to go if I took the position:
    What would be the logical steps in creating an IT function in the internal audit department? How would you go about starting and working through the entire IT portion of SOA to get the organization compliant?
    I know, very broad, but as I get a better understanding of the scope, I can start to refine my questions.
    Thanks for any help or insight.

  • This post is deleted!

  • Hey buddy,
    The first 100 days for you will be critical.
    I would start off by looking at your company wide controls first. Read . If you are a CISA then you should be able to log in and obtain the IT control objectives for SOX document or perhaps you can get it without loging in. Either way, that document will be ur bible. Email me if u need it
    Secondly, look at your audit charter to see what your customer’s expectations are.
    Next do a risk assessment, then develop a project plan for attacking SOX.
    Good luck.

  • And don’t forget an offering to the Sox Gods.

  • In addition to above, there is a need to make a clear perspective plan with an objective to be not only compliant by the stipulated date but also reduce the outlay in subsequent quarterly/yearly compliance . If you go through the market landscape, some organization are trying to derive value out of this compliance and do the similar things. We can share our thoughts I can forward you some white papers if you desire.
    Regards, Krish

Log in to reply