As an IT Auditor, the foremost thing that he/she has to do is to confirm about Information System (IS) Audit Charter.

And it's obvious to have the question about what is audit charter? what's its importance in an audit process and how do we prepare them. This blog will brief the audit charter with its purpose and the way to draft the audit charter with an example to elaborate the steps.

Basically, the Audit Charter is a formal document that defines the rules of conduct. According to ISACA (2013), It is a document approved by the governance body that states the purpose, objective, scope, authority, and responsibility of the internal audit activity. Moreover, the Audit Charter establishes the internal audit functions, authorizes access to record, personal and physical properties relevant to the performance of IS audit and assurance engagement and defines the scope of the audit function activities.

Furthermore, An IS Audit charter describes the roles of the internal audit function that address the four aspects of purpose, responsibilities, authority, and accountability.

The brief structure of an IS Audit is composed in a document with the following sections.

Mandate: It is an overview and clear detail to perform the IS audit function followed by the following sections.

1. Purpose: This purpose section of the audit charter is sub-categorized into aims/goals, mission, objective, scope, and roles as per the requirement that describes the purpose of conducting an internal audit.

2. Responsibility: The responsibility section is further subdivided into operating principles, independence, relationship with external audit, critical success factors, key performance indicators, risk assessment, and other performance measures.

3. Authority: This section defines the right of access information, personnel, locations and systems relevant to the performance of audits, scope and limitation of scope, functions to be audited, auditee expectations, governance structure. Besides that, the auditing team is formed along with allocating the right and responsibility of the audit team along with the access controls.

4. Accountability: The accountability section defines the reporting line to the senior management, auditee rights, quality reviews, bench-marking performance and functions, assessment of completion of the audit plan and staffing/career development. Furthermore, in this section, the agreement is made to perform actions.

The above sections are the major content in the audit charter. In addition to these, the audit charter also contains details about effective communication with auditees to describe the service, its scope, delivery time, cost estimates, assessment techniques, and reporting processes. Finally, the audit charter defines quality assurance processes to understand the need and expectations of auditees and evaluate the audit charter.

Hence, the audit charter includes the above section and supported by an engagement letter that only includes the purpose, content of responsibility, authority, accountability and the effective date of approval and beginning of the audit process.

Source:

References

Bank of International Settlement. (2018, June 4). Internal Audit Charter. Retrieved from Bank of International Settlement (BIS): https://www.bis.org/about/ia_charter.pdf

Glossary. (2020). Retrieved from ISACA: https://www.isaca.org/Pages/Glossary.aspx?tid=1098&char=A

Information Systems Audit and Control Association, Inc (ISACA). (2016). Information Systems Auditing: Tools and Techniques. USA: Information Systems Audit and Control Association, Inc. (ISACA).

ISACA. (2016). CISA Review Manual 26th Edition. USA: ISACA.

ISACA. (2020). IS Audit and Assurance Guideline 2001 Audit Charter. Retrieved from ISACA: http://www.isaca.org/Knowledge-Center/ITAF-IS-Assurance-Audit-/IS-Audit-and-Assurance/Pages/Guideline-2001-Audit-Charter.aspx