IT Audit process

The selected case study is: ONC Releases Second Draft of TEFCA PAPER (Appendix 3: QHIN Technical Framework – Page 70 onwards only)

Weeks 1–5 Project Overview

For this assignment, you will tackle the comprehensive task of auditing the IT and IS for an organization operating in a domain of your choice. You will apply the IT auditing process to a selected case study for your organization. You will first define the scope of your organization, describe its IT capability, and explain how it supports the organization’s critical mission. You will then conduct an evaluation of how the IT capability aligns with the organization’s goals.

Your evaluation will examine IT/IS practices and operations in your organization. Your evaluation will include an assessment of internal controls within the IT environment to assure validity, reliability, and security of information, as well as an assessment of the efficiency and effectiveness of the IT capability. Finally, you will describe your findings and discuss recommendations in terms of specific controls improvements to key IT processes for your selected case study. Your main objective is to formulate a solution in the form of decisions that will aim at assuring the integrity of your organization’s information assets.

You will be completing this assignment in five weeks. In each week, you will work on a component of the report. By the end of Week 5, you will integrate these separate components into a final report.

The final project deliverable will be a report reviewing the organization’s enterprise goals, IT-related goals, architecture, and summarizing the findings based on your evaluation, and your final analysis and recommendations (in the form of decisions). The report will include:

  • A description of the organization’s main business and mission, including the enterprise goals
  • The IT/IS capability for your organization, including IT/IS infrastructure, systems, and applications, as well as the organization’s IT-related goals
  • An evaluation of IT/IS practices and operations in your organization, including an assessment of internal IT controls in terms of achieving IT assurance for your organization
  • A description of the findings and an analysis of the risks and remedial measures, arriving at specific, qualifiable decisions (that can be verified when implemented)
  • A summary of how your IT auditing will achieve greater IT assurance and will ensure a stronger alignment of the IT-related goals with the enterprise goals

Include a copy of all the references used in APA format.

The following is the modular breakdown of the project:

  • Week 1:
    • Conduct a preliminary review of your case study’s organization. This review should include business mission, organizational structures, culture, IS, products and services, infrastructure and applications, people skills, and competencies.
    • Explain the need for an IT audit of your organization. Support your analysis in IT governance terms. Identify the stakeholders for your case study.
    • Identify enterprise goals and IT-related goals for your case study and then create a mapping of the two sets, indicating primary relationships and secondary relationships.
    • Start developing an IT audit plan that addresses the following components: Define scope, state objectives, structure approach, provide for measurement of achievement (identify the areas you intend to measure; specific metrics will be addressed later), address how you will assure comprehensiveness, and address how you will provide approach flexibility.


  • Week 2:
    • Discuss how you will apply a single auditing framework like COBIT 5 to structure your IT audit.
    • Describe the IT audit procedures that you will rely on in your IT audit.
    • Start defining a balanced scorecard that lists IT-related goals and tracks some performance metrics against the goals.
    • Review and revise your IT audit plan as needed by improving components in your plan based on additional insight you have developed.
  • Week 3:
    • Identify your case study’s IT processes in key areas of the IS lifecycle and describe them according to the major domains.
    • Conduct a preliminary evaluation of internal IT processes, focusing primarily on project management and software development.
    • Refine your balanced scorecard as needed, possibly expanding the IT-related goals and the performance metrics.
    • Create a process RACI chart that maps management practices to their related roles and indicate levels of responsibility for each role.
  • Week 4:
    • Conduct an evaluation of internal controls for service management.
    • Conduct an evaluation of internal controls for systems management.
    • Conduct an evaluation of internal controls for operations management.
    • Refine your balanced scorecard as needed, possibly expanding the IT-related goals and the performance metrics.



  • Week 5:

Using the three-phase model of IT assurance initiative provided in the online lectures, build and execute an IT assurance initiative as follows:

    • Identify potential IT-related issues based on documented assumptions and your evaluation of your case study in Weeks 1–4.
    • Scope the IT assurance initiative based on the subset of the organizational system that should be targeted.
    • State relevant enablers and suitable assessment criteria to perform the assessment.
    • Integrate the totality of your work from Weeks 1–4 and report the results of your assessment, including your findings and recommendations.


Last Updated on April 30, 2019
