Active IT Audit Manual

Active

The ideas was to change the existing WGITA-IDI IT Audit Handbook into electronic Active IT Audit Manual. “Active” means here:

• presenting practical guidance, essential technical information and key audit questions in an interactive way, which changes a handbook into a tool
• easy to update
• gradually customized to specific needs of user – i.e. taking into account lessons learnt from real life audits
• supporting mandatory obligations related to audit procedures of particular SAIs

Free and open

Our aim was not to build an audit support software but to make SAIs ready to do it effectively in future, if so decided. To make it easy to use and adapt, the Manual can be used in web or with two well known and broadly available packages of productivity software, supported by major desktop ecosystems: MSOffice and LibreOffice. Data are stored in XML format, which makes the tool open to other solutions – the present and future ones. For coding we use Visual Basic for Applications (VBA) and the BASIC LibreOffice scripting language – available to all experts who would like to develop the tool further on or to tailor it to their needs.

ISSAI 100 logic

To ensure that the audit process is preserved to enable subsequent verification, monitoring and share of the audit analysis procedures (ISSAI 100 PARAGRAPH 42), the tool produces:

• A template activity plan, which includes the subject, criteria and scope
• Audit matrices to help performing the audit work and recording the findings
• A central point to help the auditor interpreting and judging against the audit questions previously raised at the planning stage.

Open for other tools

The map of risks can be supported with data received from auditee in the pre-assessment phase (mechanism already implemented) and from previous audits in close areas. A second mechanism is planned to be developed in cooperation with another project of the same EUROSAI ITWG subgroup: ‘Control space of –e-Government’ (The Cube).