Audit Report

Download free SysTrust Audit Framework Templates

Download Free IT Outsourcing Cost-of-Living Adjustment (COLA) Provisions Checklist

1. What is a COLA provision? (A provision that calls for an adjustment to the fees to reflect inflation)

2. At what point during the term of the Agreement will COLA apply?
- Is any inflation built into the fees?
- To what extent should the vendor be managing inflation?

Below sample of Information Technology (IT) Audit Report. This sample templates report could be used to prepare your audit of Management Information System. This template mainly focusing on detail finding and recommendation that should be done by the auditee. The most difficult part of IT audit process is to ensure that every recommendation could be enacted.

The structure of this report are:
1. Audit Objectives: To assess [Name of Company] compliance with the [Name of Standard] Standard
2. Overall conclusion:

So what is the primary objectives of PCAOB Auditing Standard No. 5 Regarding Audits of Internal Control Over Financial Reporting

1. Focus the Audit on Most Important Matters
- Top-down, risk-based approach that emphasizes use of judgment.
- Risk assessment is pervasive throughout the audit, including the identification and testing of controls

2. Eliminate Unnecessary Procedures
- Removing the requirement to evaluate management's process
- Consideration of knowledge from prior years (however, rotation is still not permitted).
- Eliminates “principal evidence” requirement
- Provides flexibility to use the work of others to a greater extent, including within the control environment, and performance of walkthroughs under our direct supervision

Below list of the information asset that should be acquired before performing security assessment:

DNS/NetBIOS name of the asset
This is the name of the system; typically the domain name system (DNS) name and the NetBIOS name will be the same. This is one more way to map the system to the IP address and the Media Access Control (MAC) address.

Operating system of the asset
Although obvious, this is important to the patch management process. If you don’t know what your systems are running, it is difficult if not impossible to know what vulnerabilities to monitor for, and to plan the patching stages.

Listening services on the asset
One of the oldest concepts in information security is the one of least privilege. Systems should not have services listening on them that are not being used. Documenting what is listening on each system and what is needed on each system is a critical step.