IT Audit Methodology

Our methodology has been developed in accordance with industry standards and as recommended by various audit regulatory bodies, following the guidelines of the Committee of Sponsoring Organizations (COSO), the Federal Information System Controls Audit Manual (FISCAM), NIST Special Publication 800-53, the Federal Information Security Management Act (FISMA) and the Financial Systems Integration Office (FSIO). The starting point of this methodology is to carry out planning activities geared towards integrating a risk-based audit approach into the IS audit.

Phase 1 – Opening Conference and Audit Planning

During the opening conference meeting, the client describes the unit or system to be reviewed, the organization, available resources (personnel, facilities, equipment), and other relevant information. The internal auditor meets with the senior officer directly responsible for the unit under review and any staff members s/he wishes to include. It is important that the client identify issues or areas of special concern that should be addressed.

In this phase we plan the information system coverage to comply with the audit objectives specified by the client and to ensure compliance with all laws and professional standards. The first step is to obtain an audit charter from the client detailing the purpose of the audit, the management responsibility, ...