A theoretical framework for IT audits

A record of past audits conducted in an organization

An inventory of all potential audit areas within an organization

A standardized IT security checklist

Managing IT budgets

Developing software applications

Establishing internationally accepted IT control objectives

Encrypting financial transactions

IT governance should focus exclusively on financial applications

IT should be governed separately from business operations

IT governance and management should be holistic and cover the entire organization

Only large corporations need to implement COBIT

It ensures all financial statements comply with tax regulations

It identifies and prioritizes risks to allocate audit resources effectively

It replaces the need for substantive testing in IT audits

It ensures IT policies are aligned with human resource strategies

Assigning probability levels to threats

Identifying and characterizing assets

Computing risk ratings

Developing an audit schedule

To ensure internal control weaknesses are publicly disclosed

To optimize the use of audit resources and align with organizational goals

To eliminate the need for financial statement audits

To document every IT-related transaction in an organization

Reviewing flowcharts of operations

Conducting interviews with non-financial staff

Evaluating marketing performance

Benchmarking against non-IT industries