IT Risk Assessment Audit Report

Subscriber Content
Screenshot of the first page of IT Risk Assessment Audit Report

This audit report outlines findings from a high-level IT risk assessment at a company. The purpose of this assessment was to: (1) assist management in obtaining a better understanding of the technology risk impacting the organization, (2) prioritize the technology risk areas, and (3) develop a three-year IT audit plan.

In this sample, the internal audit department’s perspective was that substantial IT audit coverage is gained annually through Sarbanes-Oxley (SOX) IT general controls testing; however, some additional IT audit work should be performed annually to address other IT risks not covered (or not covered in sufficient depth) through SOX IT testing. An IT process-centric risk assessment approach was taken.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.