2.1 The IT audit process has to necessarily include the following steps
• Planning
• Definition of audit objectives and scope
• Evaluation of controls
• Evidence collection
• Evaluation of evidence
• Reporting and follow up
Planning
2.2 The auditing standards of SAI India (paragraphs 4.1, 5.1 and 6.1 under
Chapter-III) state that:
• The auditor should plan the audit in a manner, which ensures that an audit of
high quality is carried out in an economic, efficient and effective way and in a
timely manner.
• The work of the audit staff at each level and audit phase should be properly
supervised during the audit; and a senior member of the audit staff should
review documented work.
• The auditor, in determining the extent and scope of the audit, should study and
evaluate the reliability of internal control.
2.3 Perhaps the most important activity of any audit is planning. The greater the
care taken in the planning the more precise and effective will be the audit. Planning is
carried out at three levels.