Formalization of the IT Audit Management Process

摘要

Audit is an independent activity that employs standardized methods to evaluate and improve the effect in the process of compliance and control in order to help the organization achieve its goals. Nowadays, the current audit management process is costly and requires a high effort since there is a high amount of resources and used assets needed. This happens due to the large number of regulations with which it is crucial to comply. However, there are several frameworks which bring uncertainty and complexity to an organization. We intend to analyze the most important frameworks, elicit the needed requirements and use them to formalize the IT audit management process. Our work is important since a formalization of the IT audit management process is still missing and organizations keep struggling with so many frameworks in the market. Thus, organizations can achieve an improvement in their audits performance and an improvement on the analyses of their internal controls and compliance requirements.