Examination objectives allow the examiner to determine the quality and effectiveness of the audit function related to IT controls. These procedures will disclose the adequacy of audit coverage and to what extent, if any, the examiner may rely upon the procedures performed by the auditors in determining the scope of the IT examination. Tier I objectives and procedures relate to the institution's implementation of an effective audit function that may be relied upon to identify and manage risks.Tier II objectives and procedures provide additional validation as warranted by risk to verify the effectiveness of the institution's audit function. Tier II questions correspond to the Uniform Rating System for Information Technology (URSIT) rating areas and can be used to determine where the examiner may rely upon audit work in determining the scope of the IT examination for those areas.
Determine the scope and objectives of the examination of the IT audit function and coordinate with examiners reviewing other programs.